December was a busy month as we were working with customers on protecting their environments from the Log4Shell vulnerability, here is our quick start guide and a webinar which explains about the vulnerability and our approach in detail.
Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here.
Log4Shell aggressive defense - Improvement
Log4Shell is one of the most impactful vulnerabilities we have seen in recent times.
In addition to existing Java attack detection, Traceable can help protect your applications from being exploited by Log4Shell with comprehensive coverage
- Added signatures for newly discovered CVEs from the Log4Shell family
- Added JNDI Lookup blocking in the Java In-app agent
Attack dashboard - Improvement
We have updated the attack dashboard to help security engineer assess the attack climate of the cloud-native environment at a glance.
The new dashboard includes a summary of the application activity with unique users and traffic, graph of attackers and attack requests, the list of most detected and most blocked security event types and more.
API Endpoint Details dashboard - Improvement
We have streamlined API Endpoint details view to bring forward the API intelligence and make security summary more accessible.
The new view summarizes security events and vulnerabilities detected for a given API Endpoint, gives a view of sensitive data types found in the requests and responses and bring the OpenAPI specification to the summary page.
HA Proxy - Announcement
HAProxy is a free and open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers, which has a reputation for being efficient with regards to memory and CPU usage.
Our customers who use HAProxy as a load balancer or a reverse proxy in their infrastructure can now deploy Traceable tracing agents as a plug-in into HA Proxy.
API Catalog, static and dynamic detection, signature-based blocking, rate limiting, IP blocking and other features will be supported with this tracing agent.
HAProxy support is available with the Tracing Agent version 1.11.3 or above.
SOC 2 Type 2 Compliance - Announcement
Traceable has received SOC 2 Type 2 certification. This certification shows that Traceable, though a young company, pays significant attention to the security, availability and privacy of our customer and their data. This is why our many customer entrust Traceable to protect their application. This certification will also help our prospective customers to save time and resources by relying on this independent certification instead of analyzing bespoke security surveys.
By the way of a background SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. Companies that use cloud service providers use SOC 2 reports to assess and address the risks associated with third party technology services.