Cequence Security, Inc - Experts & Thought Leaders

Latest Cequence Security, Inc news & announcements

Cequence API security defends retail in holiday season

Cequence, a pioneer in API security and bot management, unveiled new insights from its CQ Prime threat research team that underscore the growing cyber threats targeting the global retail sector during the holiday season. The research reveals that businesses could face average potential losses of £2.02 million ($2.58 million) per hour throughout December due to malicious bot traffic and fraud attempts.

Cequence’s UAP platform

Drawing on billions of real transactions and attack data from Cequence’s Unified API Protection (UAP) platform, the report highlights the expanding attack surface that cybercriminals exploit during peak shopping periods like Black Friday and Cyber Monday. For a visual summary of the report's findings, including the impact of malicious bot attacks and strategies to defend against them, download the infographic.

Key findings

E-commerce Growth and Risks: Total e-commerce transactions doubled year-over-year (YoY) from 5.1 billion in 2023 to 10.4 billion in 2024, with 34.62% flagged as malicious—up 138.57% from the previous year.

Financial Impact of Cybercrime: Cybercrime during the 11-day period from November 22 (Black Friday) to December 2, 2024 (Cyber Monday) resulted in £533.67 ($681.12 million) in potential losses worldwide, with projections for December 2024 averaging £2.02 million in losses per hour, totalling £1.4 billion ($1.79 billion).

Sophisticated Attack Techniques: Sophisticated attack techniques, including credential stuffing, SMS pumping, and token farming, experienced a 700% YoY increase.

Real-World Mitigation: A major e-commerce company mitigated an SMS pumping attack that cost £2,350 ($3,000) every four hours, successfully blocking fraudulent account creation and preventing further financial losses with Cequence’s advanced bot and API protection.

Real-World Mitigation: Cequence managed a 125% traffic surge on Black Friday, blocking 11.5 million malicious attempts while maintaining seamless customer experiences.

Use of proactive security measures

With the growth of legitimate e-commerce transactions, businesses face an unprecedented challenge of defending against increasingly sophisticated and high-volume attacks. Cequence’s research found a 72.6% increase in mitigated malicious traffic from 2023 to 2024, highlighting the urgent need for proactive security measures.

“Cybercriminals are seizing on the rapid growth of digital commerce, using increasingly sophisticated tactics to target both businesses and consumers,” said Randolph Barr, CISO at Cequence. “This year’s findings are part of a broader trend: as e-commerce continues to evolve, so too does the scale and complexity of cyber threats. These findings highlight the critical need for businesses to adopt robust API and bot management solutions to protect revenue, maintain customer trust, and stay competitive in an increasingly digital world.”

Steps to heightened cyber threats

To navigate heightened cyber threats, Cequence advises businesses to take these steps:

Enhance Incident Readiness: Conduct regular security drills to simulate various attack scenarios. Continuously review and refine response plans based on evolving threats, ensuring all stakeholders are prepared.

Map the Attack Surface: Create and maintain a comprehensive inventory of all public-facing applications and APIs to eliminate blind spots that attackers often exploit.

Align Security with Business Objectives: Ensure security measures support key goals, such as seamless user experiences or faster performance. For instance, implement secure user validation techniques that balance speed and protection.

Deploy Multi-Layered Security: Combine solutions like API protection, web application firewalls, and bot mitigation tools to address complex, multi-faceted attacks effectively.

Monitor Anomalous Behaviour: Continuously analyse user activity for suspicious patterns, such as repeated failed login attempts from diverse IP addresses, which may indicate credential stuffing or account takeover attempts.

Strengthen Access Controls: Use robust authentication measures like multi-factor authentication (MFA) and dynamic token-based security to guard against unauthorised access.

Invest in Real-Time Threat Management: Leverage tools that provide 24/7 monitoring and automated mitigation to quickly detect and neutralise threats without impacting legitimate traffic.

Optimise for High-Traffic Events: Prepare for spikes in activity during critical periods like Black Friday by stress-testing systems and scaling security measures in advance.

Enhance API security with Cequence Solutions

Cequence Security, a pioneer in API security and bot management, announced the launch of its new API Security Assessment Services. Designed to provide immediate, actionable insights into API security risks, these time-bound and fixed services leverage Cequence’s advanced Unified API Protection platform, enabling companies to quickly identify and address security gaps within their existing infrastructure.

A clear and comprehensive view

As digital transformation accelerates, the reliance on APIs introduces new security challenges. Cequence’s assessment services provide a clear and comprehensive view of an organisation’s API environment, helping identify hidden risks and compliance with internal governance and external regulatory requirements. With quick, SaaS-based onboarding, organisations can easily access vital API protection and benefit from continuous threat detection, machine-learning-powered insights, and actionable recommendations that reinforce API security.

API security and bot assessment services

“Our API security and bot assessment services are designed to empower organisations with the insights they need to safeguard their digital assets,” said Anil Pochiraju, VP of Customer Success at Cequence. “In today’s threat landscape, it’s no longer enough to simply monitor for attacks; organisations must actively identify and remediate vulnerabilities within their API landscape. Our innovative service provides a comprehensive view of API-based risks, enabling our clients to take informed action.”

Key features

API Attack Surface Discovery: Discovers the attack surface for a domain and provides visibility into externally accessible API hosts, where APIs are deployed (e.g., cloud IaaS), and how they are protected (by CDNs, Gateways, WAFs, etc.). Edge, infrastructure, and application providers are also discovered and inventoried.

API Inventory & Risk: Inventories all known and unknown, internal, external, and third-party APIs, generates OpenAPI specifications for APIs where none exist, analyses OWASP API Top 10 findings, and makes recommendations to mitigate high-risk findings.

API Sensitive Data Exposure: Identifies sensitive unencrypted data using ML-based rules with predefined (e.g., credit card and social security numbers) and customisable data patterns. Discovers and assesses API vulnerabilities that could lead to sensitive data exposure.

API Security Testing: Performs comprehensive testing to uncover API coding errors and vulnerabilities such as Broken Authentication and Authorisation, Insufficient Logging and Monitoring, Insecure Data Exposure, and Broken Object-Level Authorisation, and generates test plans for up to three high-value, non-production APIs.

API Threat Protection: Monitors up to three hosts to detect and assess potential threats to applications and APIs through an easy, passive deployment that doesn’t impact existing infrastructure.

Identification of potential vulnerabilities

Organisations leveraging Cequence’s assessment services can expect faster identification of potential vulnerabilities, along with detailed reports that document findings and recommend actionable steps for remediation. The assessments not only enhance security but also facilitate a culture of continuous improvement within development and operational teams.

Clear roadmap

“API security is not just a technical challenge; it’s a business imperative,” added Anil Pochiraju. “Our assessment services provide a clear roadmap for organisations to enhance their API security posture, mitigate risks, and ultimately protect their customers’ sensitive data. We are proud to be at the forefront of this critical initiative.”

Assessment capabilities

As the first company in the API security market to offer such an extensive portfolio of assessment services, Cequence sets itself apart from competitors. This service not only addresses the immediate need to identify API-based vulnerabilities but also offers opportunities for partners to collaborate with Cequence in providing these assessment capabilities to their customers.

Availability

Discover how Cequence’s API Security and Bot Assessment Services can bolster the organisation’s defences.

Randolph Barr joins Cequence as Security Chief

Cequence Security, a pioneer in API security and bot management, announced the appointment of Randolph Barr as Chief Information Security Officer (CISO). With over 20 years of extensive experience in cybersecurity, IT, and risk management, Barr is poised to strengthen Cequence’s commitment to delivering robust security solutions in an ever-evolving threat landscape.

Randolph Barr

Barr’s professional journey includes key leadership roles at renowned organisations such as Zoom Video Communications, Qualys, Cisco-Webex, and InterVenn Biosciences. Throughout his career, he has excelled in strategically advising executive pioneers, identifying and addressing security gaps, and pioneering incident response efforts. His proven track record in developing corporate IT and security strategies has effectively mitigated risks while fostering a culture of security awareness across organisations.

API security

“I was drawn to Cequence because of its focus on tackling one of today’s pressing security challenges—API security,” said Barr. “As organisations increasingly rely on APIs to drive web applications and integrate AI, strong API security is essential to protect sensitive data and maintain regulatory compliance.”

Compliance and transparency

“In my role, I plan to build on Cequence’s internal security program foundation, enhancing it to meet the needs of customers across different regions and industries.”

“I am committed to maintaining and strengthening customer trust by increasing transparency and ensuring our security efforts stay ahead of emerging threats and compliance requirements.”

Barr's work experience

In his previous roles, Barr has effectively led the development and expansion of security programs across diverse industries, including software, cloud services, and enterprise security. His strategic initiatives have established foundational frameworks that not only address immediate cybersecurity threats but also scale alongside organisational growth. Barr’s extensive expertise has been instrumental in enabling organisations to achieve critical security certifications and third-party attestations, ensuring compliance with industry standards and enhancing security governance.

Team building approach

Randolph’s dedication to fostering a collaborative environment within the cybersecurity community is evident in his approach to team building. He emphasises knowledge sharing and continuous learning, believing these elements are vital in strengthening collective defences against cyber adversaries.

Risk management foundation

“By creating a culture of open communication, shared responsibility, and continuous learning, I encourage experimentation with new technologies and ideas while maintaining a strong risk management foundation,” said Barr. “Cross-functional teamwork is key, and I invest in professional development and knowledge sharing to ensure the team stays ahead of emerging threats.”

Managing security challenges

“Randolph’s extensive experience in developing scalable security frameworks and his strategic approach to risk management will significantly enhance our capabilities at Cequence,” said Shreyans Mehta, CTO of Cequence. “As we navigate the complexities of API security and bot management, Randolph’s insights will be invaluable in fortifying our security posture and driving innovative solutions that empower our clients to effectively manage their security challenges.”

Raising awareness

Recognising that API security presents unique challenges, especially as API usage grows alongside innovative technologies like AI, Barr stated, “APIs are targets for bad actors due to the sensitive data they expose and the complexity of securing them in dynamic environments.”

“Addressing these challenges effectively requires raising awareness and collaboration among security professionals to share approaches, helping organisations better understand and mitigate API security risks.”
