CQ Prime
Threat Research

Your Threat Research Partner in API Protection

As API use explodes, your team is faced with a double edged sword. Attackers are continually evolving their tools, finding new ways to abuse your APIs and exploit discovered vulnerabilities. Meanwhile, your team, likely understaffed and possibly new to API threats is tasked with keeping up with the latest attack techniques while maintaining your organizations overall security posture. That’s where the CQ Prime Threat Research team can help, providing assistance that ranges from ongoing research your team can take advantage of, to fully managed threat detection and response.

Singularly Focused on API Threat Hunting

Distributed globally to ensure 24×7 coverage, the CQ Prime Threat Research Team is dedicated to understanding how cyber criminals are attacking your APIs to commit fraud, steal data and disrupt your business. The Team analyzes automated attacks and exploits based on the four elements a bad actor needs to execute their malicious actions – infrastructure, tools, credentials and behavior – translating those efforts into improved API protection , published research, dynamic policy updates and product enhancements.

Malicious Infrastructure

The largest database of malicious API infrastructure is meticulously curated to stop attackers in their tracks based on their IP address or organization.

Threat Toolkits

Known toolkits in use are dissected, analyzed and translated into pre-defined, high efficacy policies to protect your APIs.

User Credentials

Stolen credential listings are incorporated into the predefined policies to improve ATO and fake account prevention efficacy.

Behavioral Fingerprinting

Ongoing analysis of actions taken to evade detection are incorporated into existing or new ML models to maximize efficacy.

Zero Day Vulnerabilities

On-going investigative efforts into undiscovered API vulnerabilities such as iLoNg4j.

ML-Model Enhancements

Research is used to continually enhance, or create new ML-based analysis techniques to help you stay ahead of attackers.

Out-of-the-box API Protection

Hundreds of predefined, customizable policies help ensure that your APIs are protected quickly and consistently.

Dynamic Updates

Findings are used to enhance policies which are then pushed dynamically to all customers to help maximize API protection.

Managed Detection & Response

An optional managed service that provides continuous threat monitoring and remediation to proactively detect and respond to advanced attacks targeting your APIs.

Join the Team

Looking to join our world-class team of threat hunting experts?

Stay Up-to-Date

Subscribe for more content and never miss an update!

Get an Attacker’s View
into Your Organization

New Research Discovers More Than 30% of All Malicious Attacks Target Shadow APIs. Learn more Arrow icon