Traceable AI Updates API Security Platform
August 09, 2022

Traceable AI announced enhanced capabilities to address more specific types of API attacks, including API abuse and misuse, fraud and malicious API bots, all of which contribute to serious data security and compliance challenges within organizations today.

These additional capabilities enable organizations to automatically detect, stop and eliminate these types of sophisticated attacks, to protect their data, financial resources, and reputation.

Traceable’s enhanced data security capabilities address the fundamental business and financial risks, and operational downtime often associated with API data breaches. These attack types typically come in the form of API abuse and fraud, account takeover, and malicious API bots.

In terms of features and capabilities with this release, Traceable’s API security platform provides organizations the ability to track volumes of sensitive data traversing between APIs over time, and categorize users accessing data through APIs (e.g., partners, data owners, threat actors). Security and compliance teams can also create customizable data sets for enhanced data protection and compliance capabilities. Enhanced detection accuracy is also available with various sensors including geolocation, Tor, botnet, proxy and malicious bots (e.g., scraper, spam, botnet). More capabilities include the ability to correlate with increases in account takeover or excessive login attempts, and detection of fraud for materially significant data (e.g., gift cards, loyalty points, free credits, and much more). Most importantly, users can establish a baseline of API sequences and user behavior to detect fraudulent activities.

“APIs are the largest attack vector for data loss, business logic abuse and fraud in nearly every industry,” stated CTO and co-founder of Traceable AI, Sanjay Nagaraj. “Organizations are seeing more APIs being abused for account takeovers, manipulate inventory or prices, fraud in referral or digital payments or exfiltrate sensitive data such as social security numbers and banking information. These have serious consequences from a compliance standpoint, in addition to a negative financial and brand impact. We recognize how important it is to prevent abuse and fraudulent activities via API's and continue to innovate our API Security Platform. These latest platform updates better arm organizations against these types of malicious threats.”

Traceable continues to build on its API Security Platform’s existing capabilities, which includes:

- API Discovery and Security Posture: Traceable automatically discovers and identifies all external API endpoints and internal APIs in a data-rich catalog for complete visibility and identification of organizations’ API estate and sprawl. Shadow and orphaned APIs are identified, and users are notified of any API changes. It maps app topologies and data flows, including connectivity between edge APIs, internal services, and data stores.

- Protection against Sensitive Data Exfiltration: Security teams can immediately detect where hackers gain access to sensitive data by exploiting software bugs or CVEs. Understand the flow of transactions through the application - from the edge to the data store and back - to quickly respond and mitigate risk. Organizations can respond to API threats with API bot mitigation - preventing runtime exploitation tracking users and threat actors.

- Threat Hunting: Traceable provides a rich set of security and application flow analytics, which can be used by SOC teams or security analysts. Teams can hunt for hidden IOCs and breaches, track and trace activities of suspicious users, run post-mortem analyses of security incidents, spot malicious users, speed incident response, and lower mean time to resolution.

“It is important to understand the limitations of other API security providers that collect and analyze data in a purely out-of-band manner - especially in highly regulated industries. You may not meet compliance requirements or may leave your company vulnerable to breaches,” stated Nagaraj.

- Flexible Deployment Options: Fully out-of-band collection via network log analysis of AWS, Google Cloud Platform (GCP), and Azure clouds - specifically for highly regulated industries.
* Collection by instrumentation within your API gateway, proxies, or service mesh.
* In-app data collection through instrumentation by language-specific agents or via socket filtering.
* Agent or agentless deployment depending on business requirements.

Traceable’s frictionless platform can be deployed 100% on-premises in a fully air-gapped model or can be delivered by SaaS or hosted in customers’ AWS, GCP, and Azure clouds. Overall, it was designed to process and analyze APIs, application communication and user behavior data at cloud scale. Lastly, it is designed to support very large customer deployments consisting of thousands of API endpoints and billions of API calls.

“Our platform’s innovation handles the smallest to the largest of deployments even in the most highly regulated industries, which is nearly impossible with other API security vendors,” added Nagaraj.

Share this

Industry News

September 29, 2022

CloudBees announced the acquisition of ReleaseIQ to expand the company’s DevSecOps capabilities, empowering customers with a low-code, end-to-end release orchestration and visibility solution.

September 29, 2022

SmartBear continues expanding its commitment to the Atlassian Marketplace, adding Bugsnag for Jira and SwaggerHub Integration for Confluence.

Bugsnag developers monitoring application stability and documenting in Jira no longer need to interrupt their workflow to access the app. Developers working in SwaggerHub can use the macro to push API definitions and changes directly to other teams and business stakeholders that work within Confluence. By increasing the presence of SmartBear tools on the Atlassian Marketplace, the company continues meeting developers where they are.

September 29, 2022

Ox Security exited stealth today with $34M in funding led by Evolution Equity Partners, Team8, and M12, Microsoft's venture fund, with participation from Rain Capital.

September 29, 2022

cnvrg.io announced that the new Intel Developer Cloud is now available via the cnvrg.io Metacloud platform, providing a fully integrated software and hardware solution.

September 28, 2022

Kong introduced a number of new performance, security and extensibility features across its entire product portfolio, including major new releases of Kong Gateway, Kong Konnect, Kong Mesh, Kong Insomnia and Kong Ingress Controller, as well as new projects from the Kong Incubator.

September 28, 2022

BroadPeak Partners announced the availability of the new K3 API Connector.

September 28, 2022

Aqua Security announced a new end-to-end software supply chain security solution.

September 27, 2022

DevOps Institute will host SKILup Festival in Singapore on November 15, 2022.

September 27, 2022

Delinea announced the latest release of DevOps Secrets Vault, its high-speed vault for DevOps and DevSecOps teams.

September 27, 2022

The Apptainer community announced version 1.1.0 of the popular container system for secure, high-performance computing (HPC). Improvements in the new version provide a smaller attack surface for production deployments while offering features that improve and simplify the user experience.

September 26, 2022

Secure Code Warrior unveiled Coding Labs, a new mechanism that allows developers to more easily move from learning to applying secure coding knowledge, leading to fewer vulnerabilities in code.

September 26, 2022

ActiveState announced the availability of the ActiveState Artifact Repository.

September 26, 2022

Split Software announced the availability of its Feature Data Platform in the Microsoft Azure Marketplace.

September 22, 2022

Katalon announced the launch of the Katalon Platform, a modern and comprehensive software quality management platform that enables teams of any size to easily and efficiently test, launch, and optimize apps, products, and software.

September 22, 2022

StackHawk announced its Deeper API Security Test Coverage release.