Cequence Security, Inc - Experts & Thought Leaders

Cequence Security, a pioneer in API security and bot management, unveiled new insights from its CQ Prime threat research team that reveal a surge in cyber threats as businesses race to comply with the March 31 PCI DSS 4.0 deadline. The research underscores the escalating risks of API-driven fraud, credential stuffing, and payment system abuse, particularly in retail and financial services. Drawing on billions of real transactions and attack data from Cequence’s Unified API Protection (UAP) platform, the report highlights the growing attack surface cybercriminals exploit in payment infrastructure, loyalty programs, and product pricing systems. Key findings Scale of Credential Attacks: As the PCI DSS 4.0 deadline approaches, automated fraud is accelerating. More than 300 million account takeover (ATO) attempts were blocked in the past year, illustrating the growing scale of credential stuffing attacks. Retail’s High-Stakes Battleground: Retailers faced 66.5% of all malicious traffic, highlighting their vulnerability due to high transaction volumes and fragmented security postures. Product Search & Pricing Abuse: A staggering 822 million attempts were blocked as 89% of non-ATO bot-driven attacks focused on scraping product pricing. This enables competitive algorithm manipulation, scalping, and real-time price undercutting of legitimate retailers. Loyalty Rewards Abuse: Over 22 million fraudulent attempts were blocked as attackers exploited loyalty programs, treating reward points like cash. These accounts are frequently drained due to easier liquidation than stolen credit cards, often going undetected until significant losses occur. Shopping Cart & Inventory Abuse: Nearly 6 million attacks were prevented as fraudsters weaponised automation to hoard high-demand products. Credit Verification Fraud: Over 69 million attempts were blocked as cybercriminals mass-tested stolen credit card details through low-risk transactions before making larger fraudulent purchases, fuelling the circulation of compromised payment data. Traditional security defences for API PCI DSS 4.0 introduces critical security updates, many businesses still struggle with API protection “PCI DSS 4.0 is pushing businesses to modernise security, but many are still scrambling to catch up, giving attackers the perfect opportunity to strike,” said Randolph Barr, CISO at Cequence. “Account takeovers remain the biggest threat, but we’re also seeing a wave of new, highly sophisticated attacks exploiting every stage of the digital payment process. The common thread? APIs. Attackers are sidestepping traditional security defences and going straight for API endpoints that handle cardholder data - one of the most critical yet overlooked vulnerabilities. Businesses that focus only on compliance risk falling behind.” While PCI DSS 4.0 introduces critical security updates, many businesses still struggle with API protection, an area that attackers are actively exploiting. Key actions of Cequence To ensure compliance while defending against real-world threats, Cequence recommends these key actions: Ensure Secure Data Transmission: Encrypt all Primary Account Number (PAN) information when transmitted over open, public networks to prevent unauthorised access. Secure API Endpoints: Identify all API endpoints that transmit PAN and ensure they only transmit encrypted PAN, reducing the risk of data exposure. Proactively Identify Vulnerabilities: Inspect custom application code for security flaws before deployment using automated tools to identify risks in APIs, third-party integrations, and custom applications. Continuously Test and Monitor: Regularly test APIs and applications for misconfigurations or vulnerabilities before production and monitor them for anomalous or malicious behaviour in real time. Deploy Automated Preventative Controls: Use security solutions that prevent both conventional attacks and business logic abuse while ensuring sensitive data is not exposed to unauthorised entities. Implement Real-Time Threat Prevention: Identify and block malicious traffic before it reaches your applications using intelligent, automated security mechanisms.

Cequence Security, a pioneer in API security and bot management, announced that it is now an Amazon Web Services (AWS) Web Application Firewall (WAF) Ready Partner. This designation recognises Cequence’s solution as validated by AWS Partner Network (APN) Solutions Architects and seamlessly integrates with AWS WAF. Security posture with minimal effort AWS WAF, available across all AWS Regions, can be deployed directly from the AWS console, empowering organisations to strengthen their security posture with minimal effort. Being an AWS WAF Ready Partner differentiates Cequence as an APN member with a product that works with AWS WAF and is generally available for and fully supports AWS customers. Internet threats and vulnerabilities AWS WAF Ready Partners help customers quickly identify easy-to-deploy solutions AWS WAF Ready Partners help customers quickly identify easy-to-deploy solutions that can help detect, mitigate, and analyse some of the most common Internet threats and vulnerabilities. Securing web applications has never been more challenging. Fifty-five percent of organisations say protecting their web applications has become more difficult over the past two years, while 93% have faced at least one attack on their web applications and APIs in the past 12 months. This threat landscape is only growing as attackers increasingly harness generative artificial intelligence (AI) to automate and refine their methods. Organisations face a range of security challenges Traditional application attacks: Exploits targeting known vulnerabilities, including OWASP Top 10 risks, along with malware and denial-of-service attacks that disrupt application availability. Unmanaged APIs: Cloud-native architectures and interconnected applications have made APIs prime targets for injection attacks, misconfigurations, and other exploits—often bypassing traditional defences like WAFs entirely, leaving them even more exposed. Bot and fraud attacks: AI-driven bots are being used at scale for scraping, inventory hoarding, and account fraud, making detection and mitigation increasingly difficult. Seamlessly securing APIs and applications UAP offers real-time visibility into managed and unmanaged APIs, detecting exposures Cequence’s Unified API Protection (UAP) platform enhances existing WAFs and API gateways by providing proactive security tailored to modern API architectures. Unlike traditional security tools, UAP offers real-time visibility into both managed and unmanaged APIs, detecting vulnerabilities, misconfigurations, and anomalous behaviour to prevent threats before they escalate. By unifying API discovery, compliance enforcement, and threat protection, UAP helps organisations adopt a proactive security posture, safeguarding critical applications, preventing fraud, ensuring compliance, and seamlessly integrating with existing infrastructure. Malicious bots and API-based attacks “Achieving the AWS WAF Ready designation strengthens our ability to ensure that AWS customers continue to receive advanced API security solutions,” said Ameya Talwalkar, CEO of Cequence. “While WAFs play a role in security, they are not sufficient to combat today’s sophisticated threats. Malicious bots and API-based attacks can bypass traditional defences. Cequence provides AWS customers with comprehensive protection, addressing the critical security gaps that WAFs may miss.”

Cequence Security, a pioneer in API security and bot management announced significant momentum in the Middle East and Africa (MEA) region, driven by rapid customer adoption, strategic partnerships, and a strengthened leadership team. This expansion further solidifies Cequence’s position as the go-to API security and bot management provider in the region, addressing the growing demand for advanced threat protection and digital risk mitigation. Modern digital transformation “APIs are the backbone of modern digital transformation, but they are also the most exploited attack surface,” said Ameya Talwalkar, CEO of Cequence Security. “We are not just expanding—we are transforming how businesses defend their digital assets. As the only solution that provides data sovereignty in the region, we empower enterprises with AI-driven security tailored to their unique regulatory and threat landscapes. By combining innovative threat intelligence with proactive defence, we enable organisations to anticipate and mitigate attacks before they impact operations.” MEA expansion Cequence’s expansion in MEA has been marked by: 1) New customer acquisitions across financial services, telecommunications, oil and gas, and technology, securing organisations such as: A top Islamic bank in the UAE. One of the largest financial institutions in the Middle East and Africa. A major telecom provider in Turkey. A digital transformation pioneer in the energy sector. 2) A 193% increase in ARR in the MEA region year-over-year. 3) A 68% increase in partner deal registrations, demonstrating strong market demand for Cequence’s Unified API Protection (UAP) platform. 4) An 83% increase in reseller partnerships, spanning KSA, UAE, Qatar, Jordan, Kuwait, Bahrain, and Egypt. 5) The planned signing of a strategic Memorandum of Understanding (MOU) at LEAP 2025 with a strategic GTM partner, underscores Cequence’s commitment to regional cybersecurity initiatives. 6) Hiring for multiple positions across various departments in the region reinforces Cequence’s investment in local talent and its commitment to long-term growth in the MEA. Strategic leadership appointment Ismail brings a proven track record of driving business growth and forging strategic alliances To drive Cequence’s expansion in MEA, the company has appointed Mohammad Ismail as its new Head of Go-to-Market (GTM) & Sales for EMEA, strategically based in Dubai to accelerate regional growth and customer success. With over 25 years of experience in cybersecurity and enterprise IT across the Middle East, Africa, and Southeast Asia, Ismail brings a proven track record of driving business growth and forging strategic alliances. Reliance on APIs “My focus at Cequence is to strengthen our presence in the EMEA region by deepening relationships with customers and partners,” said Mohammad Ismail, Head of GTM & Sales for EMEA. “With the increasing adoption of the growing reliance on APIs to power digital services, organisations need robust API security and bot management solutions. I look forward to leveraging my experience to expand our footprint, provide strategic guidance, and help customers stay ahead of evolving cyber threats.” Customer success and industry validation Cequence’s platform has helped organisations across MEA overcome critical API security and bot management challenges. Customers have leveraged Cequence to: Secure APIs during open banking transitions, ensuring compliance and real-time protection for sensitive financial data. Enhance API governance and security testing, integrating seamlessly with CI/CD pipelines to enforce OWASP Top 10 protections. Detect and stop sophisticated API attacks with AI-driven threat detection and real-time behavioral analysis, mitigating risks from shadow APIs and automated threats. Improve visibility and response times with comprehensive API activity monitoring, automated security enforcement, and automated enforcement with no human intervention. Meet stringent data sovereignty requirements, ensuring security policies remain within customer-controlled environments. These capabilities combined with Cequence’s unified approach, continue to drive strong adoption among MEA enterprises seeking to protect their digital environments. Investor confidence and market leadership Cequence’s expansion in MEA has garnered continued support from investors Cequence’s expansion in MEA has garnered continued support from investors, including Prosperity7 Ventures and Sanabil Investments. “The Middle East presents a unique and fast-growing opportunity for cybersecurity innovation, and Cequence is pioneering the charge with its best-in-class API security solutions,” said Abhishek Shukla, managing director and head of North America at Prosperity7 Ventures. “With an experienced leadership team, strong regional partnerships, and a relentless focus on innovation, Cequence is well-positioned to drive continued success in the MEA market.” Commitment to innovation As part of its ongoing commitment to innovation, Cequence has introduced new capabilities tailored to the MEA market, including: Expanded cloud and on-premises deployment options, ensuring compliance with regional data sovereignty requirements. Enhanced partner enablement programs, equipping resellers and service providers with advanced API security expertise. Protecting digital assets “With API threats growing more sophisticated, we remain focused on delivering cutting-edge security solutions that empower organisations to stay ahead of attackers,” added Talwalkar. “Our investment in MEA reflects our dedication to supporting businesses with the tools they need to protect their digital assets and maintain trust with their customers.” LEAP 2025 Cequence will be at Stand H1.D30 during LEAP 2025. Stop by to meet the team and learn more about how the industry-pioneering API security and bot management solutions can help protect the digital ecosystem. Join Ameya Talwalkar, CEO of Cequence, as he discusses the evolving API security and bot management landscape. His session will cover emerging threats, regional trends, and strategies for mitigating cyber risks. When: 7:30 PM - 7:50 PM Where: Stand H1.D30