At Black Hat USA 2022, Traceable AI introduced advanced capabilities to address more specific types of API attacks, including API abuse, fraud and malicious API bots, all of which pose serious data security and compliance challenges within organizations today.
These additional capabilities enable organizations to detect, stop and remove these kinds of sophisticated attacks to protect their data, financial assets and reputation.
Traceable’s enhanced data security capabilities address fundamental business and financial risks, and the operational downtime often associated with API data breaches. These attack types usually come in the form of API abuse and fraud, account takeover and malicious API bots.
In terms of features and capabilities in this release, Traceable’s API security platform gives organizations the ability to track the amount of sensitive data traversing between APIs over time, and to classify the users accessing data through the API (for example, partners, data owners, threat actors). Security and compliance teams can also create customizable data sets for enhanced data security and compliance capabilities.
Enhanced detection accuracy is also available with various sensors including geolocation, Tor, botnets, proxies and malicious bots (e.g., scrapers, spam, botnets). Additional capabilities include detection of increased account takeover or excessive login attempts, and the ability to detect fraud involving materially important data (e.g., gift cards, loyalty points, free credit, and more). Most importantly, users can establish a baseline of API sequences and user behavior to detect fraudulent activities.
“APIs are the largest attack vector for data loss, business logic abuse and fraud in virtually every industry,” said Sanjay Nagaraj, CTO and co-founder of Traceable AI.
“Organizations are abusing more APIs to govern account acquisitions, inventory or price manipulations, fraud in referrals or digital payments, or to weed out sensitive data such as Social Security numbers and banking data. In addition to a negative financial and brand impact, these have serious consequences from a compliance standpoint. We understand how important it is to prevent abuse and fraudulent activities through APIs and continue to innovate our API security platform. These latest platform updates better arm organizations against these kinds of malicious threats,” Nagaraj continued.
Traceable continues to build on the existing capabilities of its API security platform, including:
- API discovery and security posture: Traceable finds and identifies all external API endpoints and internal APIs in a data-rich catalog for visibility and identification of the organization’s API assets and sprawl. Shadow and orphan APIs are identified, and users are notified of any API changes. It maps the app topology and data flow, including connectivity between edge APIs, internal services, and data stores.
- Protection against sensitive data exfiltration: Security teams can find where hackers gain access to sensitive data using software bugs or CVEs. Understand the flow of transactions through applications – from the edge to the data store and back – to respond and reduce risk. Organizations can respond to API threats with API bot mitigation – stopping users and threat actors from monitoring runtime exploits.
- Threat hunting: Traceable provides a set of security and application flow analytics that can be used by SOC teams or security analysts. Teams can search out hidden IOCs and breaches, track and trace suspicious users’ actions, run post-mortem analysis of security incidents, spot malicious users, speed incident response, and lower the mean time to resolution.
“It is important to understand the limitations of other API security providers who collect and analyze data in a completely out-of-band manner – especially in highly regulated industries. You may not meet compliance requirements or your company may be left vulnerable to breaches,” Nagaraj said.
Flexible deployment options:
- Completely out-of-band collection via network log analysis from AWS, Google Cloud Platform (GCP), and Azure Cloud – especially for highly regulated industries.
- Collection by instrumentation within your API gateway, proxy, or service mesh.
- In-app data collection by language-specific agents through instrumentation or through socket filtering.
- Agent or agentless deployment depending on business requirements.
Traceable’s frictionless platform can be deployed 100% on-premises in a fully air-gapped model, delivered as SaaS, or hosted in customers’ AWS, GCP and Azure clouds. Overall, it was designed to process and analyze API, application communication and user behavior data at cloud scale. Finally, it is designed to support very large customer deployments consisting of thousands of API endpoints and billions of API calls.
“The innovation of our platform makes handling the smallest to largest deployments possible, even in the most highly regulated industries, which is nearly impossible with other API security vendors,” Nagaraj said.