Traceable AI Platform Update Addresses API-based Security, Fraud

Traceable AI, an API security and observability company, announced enhanced capabilities to address more specific types of API attacks, including API abuse and misuse, fraud and malicious API bots, all of which contribute to serious data security and compliance challenges within organizations.

These additional capabilities enable organizations to detect, stop and eliminate these types of attacks, to protect their data, financial resources, and reputation.

Traceable’s enhanced data security capabilities address the fundamental business and financial risks, and operational downtime often associated with API data breaches. These attack types typically come in the form of API abuse and fraud, account takeover and malicious API bots.

In terms of features and capabilities, Traceable’s API security platform provides organizations the ability to track volumes of sensitive data traversing between APIs over time, and categorize users accessing data through APIs (e.g., partners, data owners, threat actors).

Security and compliance teams can create customizable data sets for enhanced data protection and compliance capabilities. Enhanced detection accuracy is available with sensors including geolocation, Tor, botnet, proxy and malicious bots.

More capabilities include the ability to correlate with increases in account takeover or excessive login attempts, and detection of fraud for materially significant data. Most importantly, users can establish a baseline of API sequences and user behavior to detect fraudulent activities.

Traceable continues to build on its API Security Platform’s existing capabilities, which include:

  1. API Discovery and Security Posture – Traceable discovers and identifies all external API endpoints and internal APIs in a data-rich catalog for complete visibility and identification of organizations’ API estate and sprawl. Shadow and orphaned APIs are identified, and users are notified of any API changes. It maps app topologies and data flows, including connectivity between edge APIs, internal services, and data stores.
  2. Protection against Sensitive Data Exfiltration – Security teams can detect where hackers gain access to sensitive data by exploiting software bugs or CVEs. Understand the flow of transactions through the application – from the edge to the data store and back – to respond and mitigate risk. Organizations can respond to API threats with API bot mitigation – preventing runtime exploitation by tracking users and threat actors.
  3. Threat Hunting – Traceable provides a rich set of security and application flow analytics, which can be used by SOC teams or security analysts. Teams can hunt for hidden IOCs and breaches, track and trace activities of suspicious users, run post-mortem analyses of security incidents, spot malicious users, speed incident response, and lower the mean time to resolution.
  4. Flexible Deployment Options –
     - Fully out-of-band collection via network log analysis of AWS, Google Cloud Platform (GCP), and Azure clouds – specifically for highly regulated industries.
     - Collection by instrumentation within your API gateway, proxies, or service mesh.
     - In-app data collection through instrumentation by language-specific agents or via socket filtering.
     - Agent or agentless deployment depending on business requirements.

Traceable’s frictionless platform can be deployed 100 percent on-premises in an air-gapped model or can be delivered by SaaS or hosted in customers’ AWS, GCP, and Azure clouds. Overall, it was designed to process and analyze APIs, application communication and user behavior data at cloud scale. Lastly, it is designed to support very large customer deployments consisting of thousands of API endpoints and billions of API calls.