Skip to main content

Application Protection Leader Enhances Solution for Web Apps with Code Protection, Real-Time Monitoring, Alerting
and Threat Analytics

San Francisco, CA – September 13, 2018Arxan Technologies, the trusted provider of application protection solutions, announced today the launch of Arxan for Web, the latest enhancement to its industry-leading protection solution for client-side web apps. Enabling organizations to defend against server side (API) attacks and credential theft, Arxan for Web is easily deployed and provides a multi-layered defensive approach including:

  • Passive protection - obfuscates code, making it harder for attackers to understand and analyze for reverse engineering
  • Active protection - in the event of code analysis, tampering or malware attacks, the browser can be shut down or attacked code can be repaired
  • Real-time alerting - notifies organizations of attempted code tampering or analysis via Arxan Threat Analytics to quarantine suspicious accounts and update code protections

The continued increase in global data breaches significantly affects business performance, costing an average of $3.86 million in a single breach.1 And a particularly sharp increase in API-based attacks is anticipated. According to Gartner: “by 2022, API abuses will be the most frequent attack vector, resulting in data breaches for enterprise web applications.”2 The rise in client-side threats makes timely, proactive threat response even more critical.

“Arxan for Web now provides organizations real-time threat reporting, which means they can respond to threats before attacks can get through APIs to backend systems,” says Joe Sander, CEO, Arxan. “We’re enabling a closed loop security process between code deployment, early stage client-side attacks, detection and remediation, and preventing the compromise of critical back office systems and assets.”

According to OWASP, JavaScript has become the predominant web language. At the same time, OWASP reports that Cross Site Scripting (XSS) – a client-side attack that hijacks browser sessions in order to steal credentials, redirect traffic to malicious sites, or deface websites – is one of the top application security risks. Browsers have been attempting to combat Cross Site Scripting attacks for years, something that Arxan for Web can now defend against and report the attack back to risk management systems.

“JavaScript is an incredibly powerful language, but it also has one defining flaw in regard to security: JavaScript code is interpreted at runtime. This means that virtually everyone who downloads JavaScript-based software will have full access to the code that drives it,” says Rusty Carter, vice president of product management, Arxan. “Security teams traditionally focused their resources on perimeter security, everything that runs behind the firewall. If you’re deploying web apps, especially in financial services, e-commerce, gaming or digital media, the attacks that will get through that perimeter start on the client side, hours, days or weeks before any suspicious interaction with the perimeter.”

OWASP research also shows that insufficient logging and monitoring is a primary security concern, noting that the time it takes most organizations to detect a breach is far too long to adequately address the threat until it’s too late: “most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring. Exploitation of insufficient logging and monitoring is the bedrock of nearly every major incident. Attackers rely on the lack of monitoring and timely response to achieve their goals without being detected.”

Arxan Threat Analytics provides much-needed visibility into the security posture of applications by giving organizations timely data and intelligence to stay in front of evolving threats to any web app deployed in the wild. For example, if a debugger is plugged into a web app, Arxan will immediately alert the organization to that activity.

Arxan’s most recent addition to its executive team, senior vice president of engineering Krish (Krishnakumar) Kalkiraj adds, “Protecting the client side and providing organizations early warning of imminent threats when bad actors are in the exploration phase is groundbreaking. This kind of forward-thinking innovation that has a real impact on global businesses — and that is what drew me to join the Arxan team.”

Kalkiraj, will be leading the continued development of Arxan for Web and Threat Analytics in addition to Arxan’s portfolio of application, code and key protection technologies. Kalkiraj is a technology leader with leadership experience at companies such as Intuit, PTC and ThreatMetrix. He is recognized for the depth of his technical expertise, his holistic view of product development, and his support for cross-functional teams working together toward a common goal.

For more information about Arxan for Web please visit: https://www.arxan.com/application-protection/web

1 https://www.ibm.com/security/data-breach

2 Gartner, Inc. “Predicts 2018: Infrastructure Protection” by Lawrence Orans, John Girard, Adam Hils, Greg Young, Dionisio Zumerle, Jeremy D'Hoinne, Earl Perkins, Mark O'Neill, Toby Bussa, November 20, 2017

About Arxan Technologies

Arxan, a global trusted leader providing the industry’s most comprehensive application protection solutions, works with organizations looking to protect applications and to securely deploy and manage business-critical apps to the extended enterprise. Arxan currently protects more than one billion application instances across many industries including financial services, mobile payments, healthcare, automotive, gaming, and entertainment. Unlike legacy security providers that rely on perimeter-based barriers to keep bad actors out or that require device management controls, Arxan products protect at the application-level from the inside out. This approach protects the source and binary code to expand the corporate perimeter of trust. Arxan provides broad range of patented security capabilities such as a dynamic app policy engine, code hardening, obfuscation, white-box cryptography and encryption, and threat analytics. Founded in 2001, the company is headquartered in North America with global offices in EMEA and APAC. For more information, please visit www.arxan.com or follow @Arxan on Twitter.