Traceable AI, announced the introduction of the industry’s first free API security solution. Unique in its offering, Traceable’s free API security solution enables developers and security operations teams to get started improving the API security of their applications without the need for budgetary approval. With this new offering, Traceable AI aims to enable everyone to make progress on solving the API security crisis.
Despite knowing that API security needs to be a critical component of developing their applications, DevOps teams often remain handicapped by inadequate tools and budgets to properly address their needs. This has put the software industry in an API security crisis.
Per the just released Gartner® Hype Cycle™ for APIs and Business Ecosystems, 2021 report, “Every connected mobile, modern web or cloud-hosted application uses and exposes APIs. These APIs are used to access data and to call application functionality. APIs are easy to expose but difficult to defend. This creates a large and growing attack surface, leading to a growing number of publicized API attacks and breaches. Traditional network and web protection tools do not protect against all the security threats facing APIs, including many of those described in the OWASP API Security Top 10.”
In the report, Gartner further states “Because APIs are typically used for access to data or application functionality, often linked to systems of record, the impact of an API breach can be substantial. Privacy regulations typically require reporting if private data is breached through an insecure API. APIs are easily and intentionally programmable, so a vulnerability can leak large volumes of data. That it can be challenging to separate valid API use from nefarious access raises the risk of blocking valid use.”
Despite frequent high profile breaches such as Peloton and LinkedIn, organizations on average only allocate about 6% of their overall IT spend towards security — leaving them unprepared to manage the explosion of API adoption and the associated security risks.
With the free API security solution offered by Traceable AI, these teams now have the option to use a free enterprise-grade solution to gain visibility, protection, and analytical insights into their APIs.
Powered by its distributed tracing and unsupervised machine learning technologies, Traceable AI addresses these problems by learning the application context and normal behaviors. Unlike Web Application Firewalls (WAFs) that rely on static threat signatures of known attacks, deep API insights and ML enhanced anomaly detection enable the Traceable AI Free tier offering to detect and block known (such as the OWASP Top 10) and unknown threats with no signature tuning yet minimal false positives.
“API security threats are becoming pervasive and increasing in frequency. API security is an emerging field, and application and security teams need to understand how to address this problem unique to their business models. WAFs and API gateways simply aren’t enough to overcome these emerging threats and it’s past time for us to have a real-solution that solves the problem rather than just apply a band-aid. Our free offering introduces API security benefits without the budget pressure that these teams often face. We hope access to it will encourage widespread adoption of API security practices and help teams to truly understand and address API-based security threats,” said Jyoti Bansal, CEO and Co-Founder of Traceable AI.
The self-service deployable free version of Traceable AI includes:
- Continuous discovery and inventory of all APIs, including shadow and orphaned APIs
- Real-time, automatic API documentation including parameter details, usage patterns, and API changes flagged
- Insights into API runtime behavior, including API usage patterns, user details, and where sensitive data is being exposed
- Continuously updated API risk scores based on likelihood and impact of abuse
- API & web application protection (OWASP Top 10) powered by ML anomaly detection for low false positives without signature maintenance
- Real-time API vulnerability detection of API misconfigurations to prevent malicious exploitation by cybercriminals
- API performance metrics for establishing normal vs abnormal behavior, including number of calls, call frequency, and error and latency distribution
- Block threats based on threat actor, IP range, anomaly detection + signatures
For larger scale environments and more advanced features, Customers can also upgrade to the Team or Enterprise tiers offered by Traceable AI.
One year since the initial company launch, Traceable AI has been deployed in several customer environments, pioneering the way for the adoption of API Security practices. One such customer, Houwzer, provides an end-to-end digital real-estate and mortgage brokerage platform to its clients. It was important for Houwzer to ensure a secure platform to prevent bad actors from gaining unauthorized access to its clients’ private and sensitive information and ensure compliance with all regulatory authorities.
“Houwzer faces a high-stakes threat landscape and an extremely complex regulatory environment. Ensuring data security and compliance is absolutely critical to our business continuity and success,” said Greg Phillips, Chief Technology Officer at Houwzer. “With Traceable AI, we went from blocking zero threats to automatically blocking hundreds of threats. We have been able to secure our customer data, prevent breaches, and it has helped our development and security teams work collaboratively on addressing API based threats. Traceable AI also empowers us to seamlessly comply with 21 different licenses. It’s been a game changer. All this, without hiring a dedicated security team as we scale our business.”
To obtain more features and achieve broader scalability, Traceable AI also offers Team and Enterprise editions. To learn more or to get started with the free solution, visit https://www.traceable.ai/free.
Gartner, ‘Hype Cycle for APIs and Business Ecosystems, 2021’, Mark O’Neill, John Santoro, July 27, 2021
Image licensed by unsplash.com