Arxan launches advanced protection for client-side web apps
Arxan announced the launch of Arxan for Web, the latest enhancement to its protection solution for client-side web apps.
Enabling organizations to defend against server-side (API) attacks and credential theft, Arxan for Web is easily deployed and provides a multi-layered defensive approach including:
- Passive protection – obfuscates code, making it harder for attackers to understand and analyze for reverse engineering,
- Active protection – in the event of code analysis, tampering or malware attacks, the browser can be shut down or attacked code can be repaired,
- Real-time alerting – notifies organizations of attempted code tampering or analysis via Arxan Threat Analytics to quarantine suspicious accounts and update code protections.
The continued increase in global data breaches affects business performance, costing an average of $3.86 million in a single breach. And a sharp increase in API-based attacks is anticipated.
According to Gartner: “by 2022, API abuses will be the most frequent attack vector, resulting in data breaches for enterprise web applications.” The rise in client-side threats makes timely, proactive threat response even more critical.
“Arxan for Web now provides organizations real-time threat reporting, which means they can respond to threats before attacks can get through APIs to backend systems,” says Joe Sander, CEO, Arxan.
“We’re enabling a closed loop security process between code deployment, early stage client-side attacks, detection and remediation, and preventing the compromise of critical back office systems and assets.”
According to OWASP, JavaScript has become the predominant web language. At the same time, OWASP reports that Cross Site Scripting (XSS) – a client-side attack that hijacks browser sessions in order to steal credentials, redirect traffic to malicious sites, or deface websites – is one of the top application security risks.
Browsers have been attempting to combat Cross Site Scripting attacks for years; Arxan for Web can now defend against these attacks and report them back to risk management systems.
“JavaScript is an incredibly powerful language, but it also has one defining flaw in regard to security: JavaScript code is interpreted at runtime. This means that virtually everyone who downloads JavaScript-based software will have full access to the code that drives it,” says Rusty Carter, vice president of product management, Arxan.
“Security teams traditionally focused their resources on perimeter security, everything that runs behind the firewall. If you’re deploying web apps, especially in financial services, e-commerce, gaming or digital media, the attacks that will get through that perimeter start on the client side, hours, days or weeks before any suspicious interaction with the perimeter.”
OWASP research also shows that insufficient logging and monitoring is a security concern, noting that most organizations take far too long to detect a breach to address the threat before it is too late: “most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring. Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected.”
Arxan Threat Analytics provides visibility into the security posture of applications by giving organizations timely data and intelligence to stay in front of threats to any web app deployed in the wild.
For example, if a debugger is plugged into a web app, Arxan will alert the organization to that activity.
Arxan’s most recent addition to its executive team, senior vice president of engineering Krish (Krishnakumar) Kalkiraj, adds, “Protecting the client side and providing organizations early warning of imminent threats when bad actors are in the exploration phase is groundbreaking. This kind of forward-thinking innovation has a real impact on global businesses — and that is what drew me to join the Arxan team.”
Kalkiraj will be leading the continued development of Arxan for Web and Threat Analytics in addition to Arxan’s portfolio of application, code and key protection technologies.
Kalkiraj is a technology leader with leadership experience at companies such as Intuit, PTC and ThreatMetrix.
He is recognized for his technical expertise, his holistic view of product development, and his support for cross-functional teams working together toward a common goal.