Traceable AI Launches Industry’s First Free API Security Solution
SAN FRANCISCO, August 3, 2021 / PRNewswire / – Traceable AI, the leader in API security protection, today announced the launch of the industry’s first free API security solution. Unique in its offering, Traceable’s free API security solution enables developers and security operations teams to start improving API security for their applications without the need for budget approval. With this new offering, Traceable AI aims to enable everyone to make progress in solving the API security crisis.
While knowing that API security should be an essential part of their application development, DevOps teams are often left handicapped by inadequate tools and budgets to properly meet their needs. This has put the software industry into an API security crisis.
By the Gartner that just came outÂ® Hype cycleâ¢ for APIs and business ecosystems, 2021 report: âEvery mobile, modern, cloud-hosted application uses and exposes APIs. These APIs are used to access data and to invoke application functionality. APIs are easy to expose but difficult to defend. This creates a large and growing attack surface. , leading to a growing number of high-profile API attacks and breaches. Traditional network and web protection tools do not protect against all of the security threats APIs face, including many of those described in the Top 10 OWASP API Security. ”
In the report, Gartner further states, âBecause APIs are typically used to access data or application functionality, often related to systems of record, the impact of an API violation can be substantial. Privacy regulations generally require a report if private data is breached by an unsecured API. APIs are easily and intentionally programmable, so a vulnerability can leak large amounts of data. The fact that it can be difficult to separate the use of a valid API from malicious access increases the risk of blocking valid use. ”
Despite frequent high-profile violations such as platoon and LinkedIn, organizations on average allocate only About 6% of their overall IT spend is on security, which doesn’t prepare them for the explosion in API adoption and associated security risks.
With the free API security solution offered by Traceable AI, these teams now have the ability to use a free enterprise-grade solution to gain visibility, protection and analytical insights into their APIs.
Using its distributed tracing and unsupervised machine learning technologies, Traceable AI solves these problems by learning the application context and normal behaviors. Unlike web application firewalls (WAFs) which rely on static threat signatures from known attacks, deep API insights and ML enhanced anomaly detection enable the Traceable tier offering AI Free to detect and block known (such as Top 10 OWASP) and unknown threats without signature settings but minimal false positives.
âAPI security threats are becoming pervasive and increasing in frequency. API security is an emerging area, and application and security teams need to understand how to address this unique issue in their business models. WAFs and API gateways are simply not enough to overcome them. emerging threats and it is high time for us to have a real solution that fixes the problem rather than just applying a band-aid. Our free offering has API security benefits without the budget pressure these teams often face. We hope that access there will encourage widespread adoption of API security practices and help teams truly understand and address API-based security threats, âsaid Jyoti Bansal, CEO and co-founder of Traceable AI.
The free deployable self-service version of Traceable AI includes:
- Continuous discovery and inventory of all APIs, including phantom and orphan APIs
- Real-time, automatic API Documentation including parameter details, usage patterns and reported API changes
- Insights in API runtime behavior, including API usage patterns, user details, and where sensitive data is exposed
- Continuously updated API risk scores based on the likelihood and impact of abuse
- API and web application protection (OWASP Top 10) optimized by ML anomaly detection for a low number of false positives without signature maintenance
- Real time API vulnerability detection API configuration errors to prevent malicious exploitation by cybercriminals
- API performance metrics to establish normal behavior versus abnormal behavior, including number of calls, frequency of calls, and distribution of errors and latency
- Block threats based on threat actor, IP range, anomaly detection + signatures
For larger scale environments and more advanced features, customers can also upgrade to the Team or Enterprise levels offered by Traceable AI.
One year after the company’s initial launch, Traceable AI has been deployed in multiple customer environments, paving the way for the adoption of API security practices. One of these clients, Houwzer, provides its clients with an end-to-end digital real estate and mortgage brokerage platform. It was important for Houwzer to ensure a secure platform to prevent bad actors from gaining unauthorized access to private and sensitive customer information and to ensure compliance with all regulatory authorities.
âHouwzer faces a high-stakes threat landscape and an extremely complex regulatory environment. Ensuring data security and compliance is absolutely essential to the continuity and success of our business, âsaid Greg Phillips, CTO at Howzer. âWith Traceable AI, we’ve gone from blocking zero threats to automatically blocking hundreds of threats. We’ve been able to secure our customer data, prevent breaches, and this has helped our development and security teams work collaboratively to tackle API-based threats. Traceable AI also allows us to seamlessly comply with 21 different licenses. It changed the game. All this without hiring a dedicated security team as we grow our business. “
To get more features and achieve greater scalability, Traceable AI also offers Team and Enterprise editions. To learn more or to get started with the free solution, visit https://www.traceable.ai/free.
Gartner, ‘Hype Cycle for APIs and Business Ecosystems, 2021’, Mark O’Neill, Jean Santoro, July 27, 2021
Gartner and Hype Cycle are registered trademarks and service marks of Gartner, Inc. and / or its subsidiaries in the United States and around the world, and are used here with permission. All rights reserved.
About traceable AI
Modern applications are extremely difficult to secure and protect. Microservices, APIs, and cloud services are complex and constantly evolving. Traceability allows security to keep pace with the engineering and the continuous pace of change and protect modern applications against modern threats. Traditional security solutions like web application firewalls are too static and too slow to react and respond with new rules to ever-changing applications and threats. Traceable applies the power of machine learning and distributed tracing to understand the DNA application, how it evolves and where there are anomalies in order to detect and block threats, making businesses more secure and resilient. Learn more about https://traceable.ai.