Traceable AI Updates API Security Platform
August 09, 2022

Traceable AI announced enhanced capabilities to address more specific types of API attacks, including API abuse and misuse, fraud and malicious API bots, all of which contribute to serious data security and compliance challenges within organizations today.

These additional capabilities enable organizations to automatically detect, stop and eliminate these types of sophisticated attacks, to protect their data, financial resources, and reputation.

Traceable’s enhanced data security capabilities address the fundamental business and financial risks, and operational downtime often associated with API data breaches. These attack types typically come in the form of API abuse and fraud, account takeover, and malicious API bots.

In terms of features and capabilities with this release, Traceable’s API security platform provides organizations the ability to track volumes of sensitive data traversing between APIs over time, and categorize users accessing data through APIs (e.g., partners, data owners, threat actors). Security and compliance teams can also create customizable data sets for enhanced data protection and compliance capabilities. Enhanced detection accuracy is also available with various sensors including geolocation, Tor, botnet, proxy and malicious bots (e.g., scraper, spam, botnet). More capabilities include the ability to correlate with increases in account takeover or excessive login attempts, and detection of fraud for materially significant data (e.g., gift cards, loyalty points, free credits, and much more). Most importantly, users can establish a baseline of API sequences and user behavior to detect fraudulent activities.

“APIs are the largest attack vector for data loss, business logic abuse and fraud in nearly every industry,” stated CTO and co-founder of Traceable AI, Sanjay Nagaraj. “Organizations are seeing more APIs being abused for account takeovers, manipulate inventory or prices, fraud in referral or digital payments or exfiltrate sensitive data such as social security numbers and banking information. These have serious consequences from a compliance standpoint, in addition to a negative financial and brand impact. We recognize how important it is to prevent abuse and fraudulent activities via API's and continue to innovate our API Security Platform. These latest platform updates better arm organizations against these types of malicious threats.”

Traceable continues to build on its API Security Platform’s existing capabilities, which includes:

- API Discovery and Security Posture: Traceable automatically discovers and identifies all external API endpoints and internal APIs in a data-rich catalog for complete visibility and identification of organizations’ API estate and sprawl. Shadow and orphaned APIs are identified, and users are notified of any API changes. It maps app topologies and data flows, including connectivity between edge APIs, internal services, and data stores.

- Protection against Sensitive Data Exfiltration: Security teams can immediately detect where hackers gain access to sensitive data by exploiting software bugs or CVEs. Understand the flow of transactions through the application - from the edge to the data store and back - to quickly respond and mitigate risk. Organizations can respond to API threats with API bot mitigation - preventing runtime exploitation tracking users and threat actors.

- Threat Hunting: Traceable provides a rich set of security and application flow analytics, which can be used by SOC teams or security analysts. Teams can hunt for hidden IOCs and breaches, track and trace activities of suspicious users, run post-mortem analyses of security incidents, spot malicious users, speed incident response, and lower mean time to resolution.

“It is important to understand the limitations of other API security providers that collect and analyze data in a purely out-of-band manner - especially in highly regulated industries. You may not meet compliance requirements or may leave your company vulnerable to breaches,” stated Nagaraj.

- Flexible Deployment Options: Fully out-of-band collection via network log analysis of AWS, Google Cloud Platform (GCP), and Azure clouds - specifically for highly regulated industries.
* Collection by instrumentation within your API gateway, proxies, or service mesh.
* In-app data collection through instrumentation by language-specific agents or via socket filtering.
* Agent or agentless deployment depending on business requirements.

Traceable’s frictionless platform can be deployed 100% on-premises in a fully air-gapped model or can be delivered by SaaS or hosted in customers’ AWS, GCP, and Azure clouds. Overall, it was designed to process and analyze APIs, application communication and user behavior data at cloud scale. Lastly, it is designed to support very large customer deployments consisting of thousands of API endpoints and billions of API calls.

“Our platform’s innovation handles the smallest to the largest of deployments even in the most highly regulated industries, which is nearly impossible with other API security vendors,” added Nagaraj.

Share this

Industry News

March 27, 2024

WaveMaker has updated its platform in response to customer demand for more sophisticated API and code management tools.

March 27, 2024

Vercara announced the launch of UltraAPI™, a product suite that protects APIs and web applications from malicious bots and fraudulent activity while ensuring regulatory compliance.

March 27, 2024

Legit Security announced the launch of its standalone enterprise secrets scanning product, which can detect, remediate, and prevent secrets exposure across the software development pipeline.

March 26, 2024

Progress announced a strategic partnership with Veeam® Software, the #1 leader by market share in Data Protection and Ransomware Recovery, to provide customers with an enterprise-ready cyber defense solution that strengthens the security of their business-critical data.

March 26, 2024

GitGuardian released its Software Composition Analysis (SCA) module.

March 26, 2024

DataStax announced a milestone in its journey to simplify enterprise retrieval-augmented generation (RAG) for developers by integrating with Microsoft Semantic Kernel.

March 25, 2024

Check Point® Software Technologies Ltd. is collaborating with NVIDIA to enhance the security of AI cloud infrastructure. Integrating NVIDIA BlueField DPUs, which feature a broad range of purpose-built, innovative security capabilities, the new Check Point AI Cloud Protect solution will help prevent threats at both the network and host levels.

March 25, 2024

Sentry announced the release of Autofix, an AI-powered feature to debug and fix code in minutes, saving important time and resources.

March 25, 2024

Apiiro announced a product integration and partnership with Secure Code Warrior, the agile developer security training platform, to extend its ASPM technology and processes to the people layer.

March 21, 2024

Progress announced that Progress® Semaphore™, its metadata management and semantic AI platform, was named a Champion in SoftwareReviews’ 2024 Metadata Management Emotional Footprint Awards.

March 21, 2024

The Cloud Native Computing Foundation® (CNCF®) has partnered with Udemy, an online skills marketplace and learning platform.

March 21, 2024

GitLab has acquired Oxeye, the provider of a cloud-native application security and risk management solution.

March 21, 2024

GitHub announced that code scanning autofix, powered by GitHub Copilot and CodeQL, is available in public beta for all GitHub Advanced Security (GHAS) customers.

March 21, 2024

NetApp is collaborating with NVIDIA to advance retrieval-augmented generation (RAG) for generative AI applications.

March 21, 2024

CalypsoAI launched the CalypsoAI Platform, an advanced SaaS-based security and enablement solution for generative AI applications within the enterprise.