Broadcom announced the general availability of VMware Tanzu Platform 10 that establishes a new layer of abstraction across Cloud Foundry infrastructure foundations to make it easier, faster, and less expensive to bring new applications, including GenAI applications, to production.
Traceable AI announced enhanced capabilities to address more specific types of API attacks, including API abuse and misuse, fraud and malicious API bots, all of which contribute to serious data security and compliance challenges within organizations today.
These additional capabilities enable organizations to automatically detect, stop and eliminate these types of sophisticated attacks, to protect their data, financial resources, and reputation.
Traceable’s enhanced data security capabilities address the fundamental business and financial risks, and operational downtime often associated with API data breaches. These attack types typically come in the form of API abuse and fraud, account takeover, and malicious API bots.
In terms of features and capabilities with this release, Traceable’s API security platform provides organizations the ability to track volumes of sensitive data traversing between APIs over time, and categorize users accessing data through APIs (e.g., partners, data owners, threat actors). Security and compliance teams can also create customizable data sets for enhanced data protection and compliance capabilities. Enhanced detection accuracy is also available with various sensors including geolocation, Tor, botnet, proxy and malicious bots (e.g., scraper, spam, botnet). More capabilities include the ability to correlate with increases in account takeover or excessive login attempts, and detection of fraud for materially significant data (e.g., gift cards, loyalty points, free credits, and much more). Most importantly, users can establish a baseline of API sequences and user behavior to detect fraudulent activities.
“APIs are the largest attack vector for data loss, business logic abuse and fraud in nearly every industry,” stated CTO and co-founder of Traceable AI, Sanjay Nagaraj. “Organizations are seeing more APIs being abused for account takeovers, manipulate inventory or prices, fraud in referral or digital payments or exfiltrate sensitive data such as social security numbers and banking information. These have serious consequences from a compliance standpoint, in addition to a negative financial and brand impact. We recognize how important it is to prevent abuse and fraudulent activities via API's and continue to innovate our API Security Platform. These latest platform updates better arm organizations against these types of malicious threats.”
Traceable continues to build on its API Security Platform’s existing capabilities, which includes:
- API Discovery and Security Posture: Traceable automatically discovers and identifies all external API endpoints and internal APIs in a data-rich catalog for complete visibility and identification of organizations’ API estate and sprawl. Shadow and orphaned APIs are identified, and users are notified of any API changes. It maps app topologies and data flows, including connectivity between edge APIs, internal services, and data stores.
- Protection against Sensitive Data Exfiltration: Security teams can immediately detect where hackers gain access to sensitive data by exploiting software bugs or CVEs. Understand the flow of transactions through the application - from the edge to the data store and back - to quickly respond and mitigate risk. Organizations can respond to API threats with API bot mitigation - preventing runtime exploitation tracking users and threat actors.
- Threat Hunting: Traceable provides a rich set of security and application flow analytics, which can be used by SOC teams or security analysts. Teams can hunt for hidden IOCs and breaches, track and trace activities of suspicious users, run post-mortem analyses of security incidents, spot malicious users, speed incident response, and lower mean time to resolution.
“It is important to understand the limitations of other API security providers that collect and analyze data in a purely out-of-band manner - especially in highly regulated industries. You may not meet compliance requirements or may leave your company vulnerable to breaches,” stated Nagaraj.
- Flexible Deployment Options: Fully out-of-band collection via network log analysis of AWS, Google Cloud Platform (GCP), and Azure clouds - specifically for highly regulated industries.
* Collection by instrumentation within your API gateway, proxies, or service mesh.
* In-app data collection through instrumentation by language-specific agents or via socket filtering.
* Agent or agentless deployment depending on business requirements.
Traceable’s frictionless platform can be deployed 100% on-premises in a fully air-gapped model or can be delivered by SaaS or hosted in customers’ AWS, GCP, and Azure clouds. Overall, it was designed to process and analyze APIs, application communication and user behavior data at cloud scale. Lastly, it is designed to support very large customer deployments consisting of thousands of API endpoints and billions of API calls.
“Our platform’s innovation handles the smallest to the largest of deployments even in the most highly regulated industries, which is nearly impossible with other API security vendors,” added Nagaraj.
Industry News
Tricentis announced the expansion of its test management and analytics platform, Tricentis qTest, with the launch of Tricentis qTest Copilot.
Redgate is introducing two new machine learning (ML) and artificial intelligence (AI) powered capabilities in its test data management and database monitoring solutions.
Upbound announced significant advancements to its platform, targeting enterprises building self-service cloud environments for their developers and machine learning engineers.
Edera announced the availability of Am I Isolated, an open source container security benchmark that probes users runtime environments and tests for container isolation.
Progress announced 10 years of partnership with emt Distribution — a leading cybersecurity distributor in the Middle East and Africa.
Port announced $35 million in Series B funding, bringing its total funding to $58M to date.
Parasoft has made another step in strategically integrating AI and ML quality enhancements where development teams need them most, such as using natural language for troubleshooting or checking code in real time.
MuleSoft announced the general availability of full lifecycle AsyncAPI support, enabling organizations to power AI agents with real-time data through seamless integration with event-driven architectures (EDAs).
Numecent announced they have expanded their Microsoft collaboration with the launch of Cloudpager's new integration to App attach in Azure Virtual Desktop.
Progress announced the completion of the acquisition of ShareFile, a business unit of Cloud Software Group, providing a SaaS-native, AI-powered, document-centric collaboration platform, focusing on industry segments including business and professional services, financial services, industrial and healthcare.
Incredibuild announced the acquisition of Garden, a provider of DevOps pipeline acceleration solutions.
The Open Source Security Foundation (OpenSSF) announced an expansion of its free course “Developing Secure Software” (LFD121).
Redgate announced that its core solutions are listed in Amazon Web Services (AWS) Marketplace.
LambdaTest introduced a suite of new features to its AI-powered Test Manager, designed to simplify and enhance the test management experience for software development and QA teams.