Traceable AI Introduces New Capabilities to API Catalog for API Discovery and Risk Management
June 01, 2022

Traceable AI offers an enhanced API Catalog solution to enable organizations to overcome their challenges with API discovery and risk assessment.

Inventory of assets is the bedrock of every security program, and the first step in an API security journey begins with knowing your APIs. Security leaders need to automatically and continuously discover all APIs, identify sensitive data flows, and assess API risk exposure to manage API-related security threats. This calls for an actionable API Catalog that provides capabilities beyond traditional API discovery and inventory tools.

"Most organizations do not have an accurate account and up-to-date inventory of their APIs," said Traceable AI CEO and Co-founder Jyoti Bansal. "Shadow APIs can linger, and frequent releases by development teams makes it difficult for security teams to keep up and manage their risks and exposure. Automation of discovery and an always up-to-date inventory and cataloging of every API in the organization are critical first steps in detecting real-time changes and managing risks."

Organizations must be able to uncover sensitive data flows, perform conformance analysis, and assess the business risk of their APIs to proactively identify and evaluate the vulnerabilities used in their business logic.

Traceable AI's enhanced API Catalog provides th ree main benefits to Security, DevOps and Compliance teams:

- Security: Security teams get a real-time API catalog, including risk assessment of all the APIs and the associated data so they can obtain a comprehensive view of their attack surface and risk posture. This helps them prioritize API security issues that must be addressed.

- DevOps Teams: CI/CD integrations allow DevOps teams to address security issues the same way they would address quality issues in the testing process. With API Catalog, they can identify problems early in non-production environments and quickly fix them, as finding issues in production is far more expensive and time-consuming to remediate.

- Governance, Risk, Compliance: Most IT controls require an accurate and current API inventory. Now, with API Catalog, GRC teams have a real-time, accurate API inventory and visibility into sensitive data exposure, particularly as they answer to regulatory bodies. With the API Catalog, they can track all data correlated across disparate systems. This results in comprehensive audits and compliance efficiency.

APIs transmit huge amounts of sensitive data, but often, most security teams don't have sufficient visibility into their APIs or what data is potentially being exposed. Because the API landscape is continuously changing, often being deployed to different platforms, security now has to deal with API sprawl, and they can be caught flying blind with an inventory that is outdated. This introduces an unknown attack surface and increased risk to the organization on top of compliance concerns. By discovering all types of APIs and assessing their risk, organizations can obtain granular visibility and gain a greater understanding of their risk exposure.

The API Catalog solution provides DevSecOps with a single pane of glass for all APIs by showing all API activity in one place. The catalog prioritizes the most important and useful information first, as well as detailing potential risks and sensitive data exposure for all of the APIs that have been discovered. The API Catalog provides the ability to turn on the lights and make shadow APIs visible, including anything that is not going through API gateways. In order to keep up with DevOps teams, the API Catalog displays a live feed of all API changes. For instance, if an API is modified and released, Traceable captures the change and gives instant insight—headers added or any parameters that might have changed.

"An accurate API inventory is critical to many aspects of IT within organizations. Compliance, risk and privacy teams require this, particularly as they answer to regulatory bodies," said Bansal. "However, a number of organizations still do this manually and spend valuable time and resources on tedious cataloging tasks. Now is the time to choose automation and have an API inventory you can trust."

Traceable AI offers API Catalog in 3 tiers: free, team, and enterprise.

Share this

Industry News

August 18, 2022

GitHub Enterprise Server 3.6 is now generally available.

August 18, 2022

Opsera announced the availability of Opsera GitCustodian.

August 18, 2022

CircleCI announced the general availability of the CircleCI Visual Configuration Editor, an all-in-one open source project for configuration editing, including creating component definitions and usages.

August 17, 2022

Cloudera announced the launch of Cloudera Data Platform (CDP) One, an all-in-one data lakehouse software as a service (SaaS) offering that enables fast and easy self-service analytics and exploratory data science on any type of data.

August 17, 2022

Prosimo introduced a new NetDevOps Infrastructure-as-Code (IaC) Toolkit that enables enterprises to accelerate the deployment of cloud networking.

August 17, 2022

Aqua Security announced the addition of cloud security posture management (CSPM) capabilities to the open source tool Aqua Trivy.

August 16, 2022

Canonical welcomes the .NET development platform, one of Microsoft’s earliest contributions to open source projects, as a native experience on Ubuntu hosts and container images, starting in Ubuntu 22.04 LTS.

August 16, 2022

Veracode announced the launch of the Veracode Velocity Partner Program.

August 16, 2022

Render announced a new monorepository feature that enables its customers to keep all of their code in one super repository instead of managing multiple smaller repositories.

August 15, 2022

Gadget announced Connections, a major new feature that gives app developers access to building blocks that enable them to build and scale ecommerce apps in a fraction of the time, at a fraction of the cost.

August 15, 2022

Opsera is on the Salesforce AppExchange to help enterprise customers shorten software delivery cycles, improve pipeline quality and security, lower operations costs and better align software delivery to business outcomes.

August 15, 2022

Virtusa Corporation earned the DevOps with GitHub on Microsoft Azure advanced specialization, a validation of a services partner's deep knowledge, extensive experience and proven success in implementing secure software development practices applying DevOps principles and using Azure and GitHub solutions.

August 15, 2022

Companies looking to reduce their cloud costs with automated optimization can now easily procure CAST AI via Google Cloud Marketplace using their existing committed spend.

August 11, 2022

Granulate, an Intel Company, announced the upcoming launch of its latest free cost-reduction solution, gMaestro, a continuous workload and pod rightsizing tool for Kubernetes cost optimization.

August 11, 2022

Rezilion announced the availability of MI-X, a newly created open-source tool developed by Rezilion's vulnerability research team.