September 2021 Product Update

Hello there! A quick announcement on a new feature in our Fall 1 release.

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

🎉RBAC - Feature 

Three new roles in the product for your API Security use cases

Account owner - Manages the Traceable account: adding/deleting regular users, assigning privileges, product tiers, licensing, and so on.

Security administrator - Typically InfoSec/Product security admins who configure the security policies, investigate attacks, keep track of security events, and so on.

Developer - Devs in the engineering org who want to view and understand the risks associated with the APIs that they have developed.

Why it matters: Different personas within the organization use Traceable for different reasons, so it is important that the relevant people have access to the relevant portions of the product. This is basic RBAC; more on this later :)

July 2021 Product Updates

Hello there! More updates from our big summer release. Thank you for supporting Traceable and providing candid feedback. As a result, we've made countless adjustments, but here are the big-ticket items, including the industry's first free API security offering. Keep the feedback coming!

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

🎉Free API Security - Announcement

  • Free Tier access forever 
  • Up to 40 API endpoints, API Discovery, Insights, Risks and a lot more
  • Free and Team tiers in addition to Enterprise tier
  • Free 15-day trial of Team tier
  • Why it matters: API security impacts all of us. We want to enable developers and Security Operations teams to adopt world-class API security for their applications, regardless of budget.

🎉Self Service Experience - Announcement

  • Simplified instructions for Traceable Platform Agent (VMs, K8s) and Tracing Agent (Nginx, K8s, Java) installs
  • Platform provides updates of installation progress
  • Users can onboard themselves and others within their teams
  • Available playground environment, with a rich API data set from a typical application, allows you to experience the full capabilities of the product without instrumenting your application
  • Why it matters: Security teams rely on DevOps and developers to install agents. Having a simplified and automated process for agent installations eases the process for security teams within the organization.

Enhancements to In-App Protection - Features

  • Blocked events log & analysis in the UI
  • Weekly security report
  • Custom rules & signature definitions
  • Flexible false-positive exclusion workflow
  • Monitored users highlights
  • Why it matters: Better, higher-quality protection with fewer false positives and an easier way to analyze detected security events.

API Intelligence Dashboard - Features

  • New API Intelligence dashboard is available
  • Summarized view of API endpoints based on call volume and risk scores
  • Why it matters: Developers and DevOps need a quick way to understand the risks in their APIs and applications to be able to prioritize which of them need to be fixed first.


May 2021 Product Updates

Hello there! Here are some of the key items from our spring release. We have brought in key features in the product based on your inputs and key innovations we believe are needed in API security. Keep the feedback coming!

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

API Protection Enhancements - Improvement

  • Blocked events UI
  • User session API flow within security event screen
  • Why it matters: Blocked events allow customers to audit and tune the rules and emphasize the proactive nature of Traceable protection. API events in the security view show the value of tracing and help investigate vulnerabilities.

API Discovery and Risk - Feature

  • API filtering based on sensitive data types
  • Why it matters: This is one of the first steps towards data flow tracing and allows customers to identify APIs that handle specific types of sensitive data, especially where they are not supposed to be accessing them. 

Custom Alerting - Feature

  • Traceable will alert you on several key activities:
    • Blocked Event
    • Threat Actor activity
    • Security event detection
  • Why it matters: Infosec and SecOps teams need to be notified in real time about key security events so they can take remedial actions as needed.

Sensitive Data Redaction - Feature

  • Customer-specific redaction rules
  • Multiple match criteria - header, key, value, etc.
  • Actions tailored to customer-specific privacy requirements
  • Why it matters: If you have privacy concerns about your sensitive data being sent to our platform, you can redact, obfuscate or collect the data based on different granular filters.

Agent Inventory - Feature

  • Complete Traceable Platform Agent and tracing agents inventory
  • Platform Agent which maps to Hosts
  • Tracing agent which maps to Services
  • Versions, environment, and health status of each agent
  • Why it matters: Having a complete inventory of your Traceable Platform and tracing agents helps you to manage them better and more efficiently (e.g., making decisions on upgrades, understanding the status of each one, and easier troubleshooting in the case of errors).

Jan. 18, 2021 - Release Notes

Good morning! Holy Toledo, there is a lot to share with our first release notes. Thank you for supporting Traceable and providing candid feedback. As a result, we've made countless adjustments, but here are the big-ticket items. Keep the feedback coming!

New Protocol Support - New

  • GraphQL
  • API Definition and Parameter Insight now available
  • Why it matters: GraphQL is a popular newer protocol optimized for data; GraphQL queries smoothly follow references between multiple resources, getting all the data your app needs in a single request.

Agent Improvement - Improvement

  • Java OTel agent - full feature parity with the old Java agent
  • NGINX Ingress controller support
  • Ability to exclude URLs from detection based on a regular expression
  • Known issues 😞
    • Golang agents do not currently support blocking
  • Why it matters: OTel (OpenTelemetry) is a newer standard and provides better performance, improved management, and interoperability with other distributed tracing and performance monitoring tools. NGINX Ingress is a popular technology for routing inbound calls within K8s environments. Excluding a URL from detection allows customers to reduce their processing and licensing by not protecting low-risk, high-volume endpoints.

Enterprise readiness - Improvement

  • SAML integration (integration with Okta, ADFS and other enterprise SSO tools)
  • Usage monitoring
  • Business continuity plan in place and reports are available
  • Traceable security assessment conducted and the report available
  • Configure UserID detection without needing to touch the customer collector
  • Why it matters: Enterprises can use their existing authentication systems to connect their employees to the Traceable management console. With usage monitoring, customers are presented with information on the number of system calls and whether their current usage is in line with their Traceable license. The business continuity and security processes help with customer compliance.

Improved protection - Improvement

  • FP exclusions list management in the UI
  • Immediate blocking for known ‘bad’ patterns
  • Detect possible scanners
  • Include user location information with traces and security events
  • Known issues 😞 
    • Automated threat blocking is not yet supported
  • Why it matters: This is work toward feature parity with the leading WAF/RASP solutions. Immediate blocking reduces latency and allows blocking of attackers before full learning is complete. Scanner detection helps eliminate noise and focus on important issues.

API Discovery and Risk - New

  • API change management
  • Why it matters: Any new parameters in the requests or responses, or API endpoints with changes, are flagged. The security team can focus on the potential risk of the new or changed API endpoints.

Addressed Deficiencies - Improvement

  • Users can now be deleted from the UI
  • Eliminated the requirement for defined container ports for sidecar deployment

Have a great day!

Until next time,

The Traceable Team

We're starting a Changelog!

Hello There!

🎉 Big news today: we're starting a public changelog, so you're always up-to-date with releases, happenings, improvements, and fixes made in Traceable AI.

We base all of our decisions on making you, our customer, successful. Therefore, it's our job to make sure you are fully informed about product updates and changes.

That feature you requested? We'll keep you posted (pun intended). That bug fix? We're on it. You may hop into the changelog and take a look at any time or subscribe to the feed. Our in-app notifications will also alert you, so you don't miss a thing.

This new page is here to improve critical communications between you and the Traceable team. We look forward to hearing your feedback in the comments.

Cheers,

The Traceable Team