March 2022 Product Updates

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

Protection against Spring4Shell vulnerability - Announcement

Spring4Shell sprung up towards the end of March. Customers running the following software versions are likely impacted:

Traceable AI can protect your applications and APIs both at the gateway layer, with a signature-based approach, and within the application with our Java agent, which does not rely on signatures but on the function call sequence and on malicious payloads detected inside the agent.

CloudFlare Integration for Blocking - Announcement

Some Traceable customers rely on agentless deployment for a portion or even all of their environment. With this feature, we can provide proactive protection and block threat actors and malicious sources even in agentless mode.

The blocking is accomplished via integration with an external CDN/WAF. The first integration made available is with a popular CDN vendor, CloudFlare.

Adding a threat actor to a deny or suspend list in Traceable will result in that actor being blocked at the edge by the integrated CloudFlare instance.

Traceable location and IP range blocking rules will operate in a similar fashion.


Changes in Attacker Scoring - Improvement

We received feedback from Traceable users that our previous scoring methodology was too aggressive for their high-volume applications. To better align with our customers' security workflows, we have changed our approach to attacker scoring as follows:

  1. If multiple malicious behaviors are observed in a single request, only the highest-severity behavior adds to the score.
  2. The score contribution of similar events is reduced, based on which parameter is being attacked, how many users have sent the malicious payload and the exact values being sent.
  3. The contribution of each event is displayed in the attacker timeline.
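The three rules above, worked through in code. This is an added illustration, not Traceable's own scoring implementation; the severity weights, the `1 / (1 + repeats)` decay, and the division by the number of distinct senders of a payload are assumptions chosen to show the effect, and the detections are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass

# Severity weights are an assumption for illustration; the page gives no weights.
SEVERITY_WEIGHT = {"LOW": 1.0, "MEDIUM": 3.0, "HIGH": 6.0, "CRITICAL": 10.0}

@dataclass(frozen=True)
class Detection:
    """One malicious behaviour detected in one request."""
    seq: int          # arrival order, used to build the timeline
    request_id: str
    actor: str        # threat actor, e.g. a source IP
    parameter: str    # request parameter the payload landed in
    severity: str
    payload: str

def naive_score(actor, detections):
    """Old behaviour for comparison: every detection adds its full weight."""
    return sum(SEVERITY_WEIGHT[d.severity] for d in detections if d.actor == actor)

def score_actor(actor, detections):
    """Return (total_score, timeline) for one actor under the three rules above."""
    # Distinct actors per (parameter, payload): a widely sent payload counts less (rule 2).
    senders = defaultdict(set)
    for d in detections:
        senders[(d.parameter, d.payload)].add(d.actor)
    # Rule 1: only the highest-severity detection in each request counts.
    best = {}
    for d in detections:
        if d.actor != actor:
            continue
        cur = best.get(d.request_id)
        if cur is None or SEVERITY_WEIGHT[d.severity] > SEVERITY_WEIGHT[cur.severity]:
            best[d.request_id] = d
    # Rule 2: repeated hits on the same parameter contribute progressively less.
    hits_on_parameter = defaultdict(int)
    timeline, total = [], 0.0
    for d in sorted(best.values(), key=lambda x: x.seq):
        repeat = hits_on_parameter[d.parameter]
        hits_on_parameter[d.parameter] += 1
        spread = len(senders[(d.parameter, d.payload)])
        contribution = round(SEVERITY_WEIGHT[d.severity] / (1 + repeat) / spread, 3)
        total += contribution
        # Rule 3: keep each event's contribution for the attacker timeline.
        timeline.append((d.request_id, d.severity, d.parameter, contribution))
    return round(total, 3), timeline

# Constructed sample: 10.0.0.5 sends two payloads in one request, repeats the SQLi probe,
# then sends an XSS probe that 10.0.0.9 is also sending (a widely used payload).
SAMPLE = [
    Detection(1, "r1", "10.0.0.5", "q", "HIGH", "' OR 1=1--"),
    Detection(2, "r1", "10.0.0.5", "q", "LOW", "../etc/passwd"),
    Detection(3, "r2", "10.0.0.5", "q", "HIGH", "' OR 1=1--"),
    Detection(4, "r3", "10.0.0.5", "id", "MEDIUM", "<script>alert(1)</script>"),
    Detection(5, "r4", "10.0.0.9", "id", "MEDIUM", "<script>alert(1)</script>"),
]
```

For the sample, the old approach scores 10.0.0.5 at 16.0, while the new rules give 10.5 with a per-event timeline of 6.0, 3.0 and 1.5.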

Apigee On-premises - Announcement

Apigee is a platform for developing and managing APIs. By fronting services with a proxy layer, Apigee provides an abstraction for your backend service APIs and provides security, rate limiting, quotas, analytics, and more. Traceable supports Apigee private cloud v4.51.00 and above.

Multi-Region SaaS Support - Announcement

For compliance reasons such as GDPR, data residency and cost concerns, our SaaS platform will also be hosted in Europe and APAC from this release. Customers will have the option to choose which deployments connect to the SaaS platform.

Platform Access Token Management - Feature

Platform access tokens will have functionality similar to the API tokens we introduced in the January release, which allows for:

  1. Naming tokens for better traceability
  2. Revoking them when no longer needed
  3. Listing out all tokens with last access times

January 2022 Product Updates

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

AWS Marketplace Listing - Feature Announcement

Traceable AI is now available in the AWS Marketplace for AWS users to make purchases directly or through private offers. We already support protecting your APIs running in different AWS services: Amazon Elastic Kubernetes Service (EKS), Elastic Container Service (ECS), or EC2 instances. For customers looking for agentless deployment options, we also support AWS Traffic Mirroring.

Public APIs for Traceable - Announcement

Public APIs are now available for most functionality that is available via the Traceable UI.

  • GraphQL APIs for a consistent, predictable API you can use across all of your clients
  • Create your protection policies, rate limiting, IP/Geo blocking rules and more
  • Obtain the most relevant APIs based on threats, risk score, call volume and activity
  • Obtain updates on attackers based on threat level, active and blocked security events and more

Label Management - Feature

API endpoints and services are important entities in API security. Customers can now label these entities based on static or dynamic attributes using labeling rules, which can match specific attributes from traces. Labels can be used to solve important use cases such as:

  • Find all API endpoints and services in your deployment that are impacted by the Log4Shell vulnerability
  • Label all API endpoints and/or services that are running in an AWS VPC or Kubernetes cluster
  • Label all external API endpoints that carry PCI, PII or other sensitive data

Jira Integration - Feature

Infosec and product security engineers who use Traceable need to indicate to developers which APIs are vulnerable or carry increased risk due to new security events that showed up in pre-production or production deployments. With the introduction of the Jira integration, tickets can be created based on findings in:

  • The Security Events page, including details on the threat actor, the specific URI, and the service/endpoint where the threat event was seen
  • The Vulnerabilities page, including the vulnerability type, the total number of APIs impacted by it, mitigation details, etc.

Vulnerability Management - Improvement

Traceable users who take advantage of Traceable vulnerability detection and management will appreciate the improvements introduced in this area this month.

First, two additional vulnerability types are now detected: Lack of Encryption and Incorrect Security Headers.

Second, the vulnerability product area has been made much more actionable.

Users can now focus specifically on vulnerabilities in external APIs. Summary charts are provided. Further, vulnerabilities are grouped by service, so that it is easy to use the direct Jira integration to assign remediation to the team that owns the service.

Trace Explorer Flexible Search - Improvement

The Traces view now supports flexible searching, including regular expressions and the ‘~’ operator, which searches for a substring within a larger field of a trace.

This functionality helps with advanced configuration tasks such as session identification configuration, as well as with root cause analysis of detected security issues.


Data Collection - Feature

Agentless data collection is now also supported via:

  • Pod level mirroring
  • Daemonset (Node) mirroring

Revamped Documentation - Improvement

We’ve also improved our documentation significantly by following an information architecture that is closer to our customers' mental model. Users can now find and get to the content they are looking for much faster.

November 2021 Updates 🎉🎉

Hello there,

A few updates from Traceable: we have been working away at introducing new features and improvements based on our customers' asks. Thank you for supporting us and providing candid feedback; keep it coming!

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

🎉Risk Scoring Customization ANNOUNCEMENT 

  • In this release, we are making risk customizable on a customer-by-customer basis. Each contributing factor in Likelihood and Impact is explicitly listed, including the metrics that are assessed to evaluate the factor. The contribution of each factor to the overall API endpoint risk score, as well as the lookup table that maps the numeric score to the stated risk level, is customizable too. Per-endpoint risk granularity can be achieved by labelling API endpoints as Critical, Sentry or other.

🎉Cookie parsing IMPROVEMENT 

  • In this release, each cookie is parsed into key-value pairs, in addition to the previously available parsing of the API endpoint query, headers and body for requests and responses.

🎉New Custom Rules IMPROVEMENT 

  • IP range blocking rules are now easier to configure. Two additional options are ‘Never block’ and ‘Block all except’. These make it easy to exclude internal IPs and pentesters from being blocked and simplify the workflow.
  • Geo-location blocking is now available. Customers can specify the regions that should not be allowed to use the protected applications. This can be configured by explicitly listing disallowed regions or by exception.

🎉Self Pay Option Announcement 

  • Team trial or Free tier users can upgrade to the Team tier
  • Monthly and annual plans available
  • Increase/decrease endpoints and calls over time based on anticipated usage

🎉RBAC Update with Security Analyst Role Improvement 

  • Security analysts look for security events and threats in APIs and applications. They are typically part of Security Operations Centre (SOC) teams or product security teams and need to be aware of any security event as soon as it occurs.
  • A Security Analyst role has been added to complement the Account Owner, Security Admin and Developer roles already present in Traceable.

🎉More options for data collection Announcement 

  • We’ve extended the breadth of data collection by adding support for traffic mirroring in AWS. This is an agentless solution that mirrors traffic from supported AWS targets. More details are available here
  • The newly released Python tracing agent supports auto-instrumentation and blocking. Data can be collected from Python applications without changing source code.

🎉UserID-based BOLA Improvement

  • An additional type of authorization bypass is now detected, based on a mismatch in UserIDs. This is another example of a session-based anomaly that can only be detected by context-aware solutions like Traceable, not by legacy WAFs.
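The kind of UserID mismatch check described above, shown as an added illustration over constructed traces; this is not Traceable's detection logic. It assumes user-scoped routes of the form `/api/users/<uid>/...` or a `userId` query parameter, that each trace already carries the user id bound to its session, and that sessions with a privileged role are exempt.

```python
import re
from collections import defaultdict

# Assumed conventions for the constructed sample: user-scoped routes look like
# /api/users/<uid>/..., or carry the target user in a userId query parameter.
USER_SCOPED_PATH = re.compile(r"^/api/users/(?P<uid>[^/]+)(/|$)")
# Roles allowed to act on other users' objects (an assumption; tune per application).
PRIVILEGED_ROLES = {"admin", "support"}

def requested_user_id(path, query):
    """Return the user id a request targets, or None if the route is not user-scoped."""
    m = USER_SCOPED_PATH.match(path)
    if m:
        return m.group("uid")
    return query.get("userId")

def detect_userid_mismatch(traces):
    """Flag traces whose session user id differs from the user id being accessed."""
    findings = []
    for t in traces:
        target = requested_user_id(t["path"], t.get("query", {}))
        session_user = t.get("session_user")
        # No basis for a mismatch: unauthenticated call or route not tied to a user.
        if target is None or session_user is None:
            continue
        # Privileged sessions legitimately touch other users' objects.
        if t.get("role") in PRIVILEGED_ROLES:
            continue
        if target != session_user:
            findings.append({"session": t["session"], "session_user": session_user,
                             "target_user": target, "path": t["path"]})
    return findings

def foreign_ids_per_session(findings):
    """Distinct foreign user ids touched per session; more than one suggests enumeration."""
    seen = defaultdict(set)
    for f in findings:
        seen[f["session"]].add(f["target_user"])
    return {s: len(ids) for s, ids in seen.items()}

# Constructed sample traces (not real traffic).
SAMPLE_TRACES = [
    {"session": "s1", "session_user": "u1", "role": "user", "path": "/api/users/u1/orders"},
    {"session": "s1", "session_user": "u1", "role": "user", "path": "/api/users/u2/orders"},
    {"session": "s1", "session_user": "u1", "role": "user", "path": "/api/users/u3/orders"},
    {"session": "s9", "session_user": "ops", "role": "admin", "path": "/api/users/u2/orders"},
    {"session": "s2", "session_user": "u2", "role": "user", "path": "/api/orders", "query": {"userId": "u1"}},
    {"session": "s2", "session_user": "u2", "role": "user", "path": "/api/products"},
    {"session": None, "session_user": None, "path": "/api/users/u2/orders"},
]
```

On the sample, three requests are flagged; session s1 touched two foreign user ids, which is the pattern a reviewer would prioritise over a single stray mismatch.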

July 2021 Product Updates

Hello there! More updates from our big summer release. Thank you for supporting Traceable and providing candid feedback. As a result, we've made countless adjustments, but here are the big-ticket items, including the industry's first free API security offering. Keep the feedback coming!

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

🎉Free API Security - Announcement

  • Free tier access forever
  • Up to 40 API endpoints, API Discovery, Insights, Risks and a lot more
  • Free and Team tiers in addition to the Enterprise tier
  • Free 15-day trial of the Team tier
  • Why it matters: API security impacts all of us. We want to enable developers and security operations teams to adopt world-class API security for their applications, regardless of budget.

🎉Self Service Experience - Announcement

  • Simplified instructions for Traceable Platform Agent (VMs, K8s) and Tracing Agent (Nginx, K8s, Java) installs
  • Platform provides updates on installation progress
  • Users can onboard themselves and others within their teams
  • A playground environment with a rich API data set from a typical application lets you experience the full capabilities of the product without instrumenting your application
  • Why it matters: Security teams rely on DevOps and developers to install agents; a simplified and automated agent installation process eases this for security teams within the organization.

Enhancements to In-App Protection - Features

  • Blocked events log & analysis in the UI
  • Weekly security report
  • Custom rules & signature definitions
  • Flexible false-positive exclusion workflow
  • Monitored users highlights
  • Why it matters: Better, higher-quality protection with fewer false positives and an easier way to analyze detected security events

API Intelligence Dashboard - Features

  • New API Intelligence dashboard is available
  • Summarized view of API endpoints based on call volume and risk scores
  • Why it matters: Developers and DevOps need a quick way to understand the risks in their APIs and applications to be able to prioritize which of them need to be fixed first.


May 2021 Product Updates

Hello there! Here are some of the key items from our spring release. We have brought key features into the product based on your inputs, along with key innovations we believe are needed in API security. Keep the feedback coming!

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

API Protection Enhancements - Improvement

  • Blocked events UI
  • User session API flow within security event screen
  • Why it matters: Blocked events allow customers to audit and tune the rules and emphasize the proactive nature of Traceable protection. API events in the security view show the value of tracing and help investigate vulnerabilities.

API Discovery and Risk - Feature

  • API filtering based on sensitive data types
  • Why it matters: This is one of the first steps towards data flow tracing and allows customers to identify APIs that handle specific types of sensitive data, especially where they are not supposed to be accessing it.

Custom Alerting - Feature

  • Traceable will alert you on several key activities:
    • Blocked Event
    • Threat Actor activity
    • Security event detection
  • Why it matters: Infosec and SecOps teams need to be notified in real time about key security events so they can take remedial actions as needed.

Sensitive Data Redaction - Feature

  • Customer specific redaction rules
  • Multiple match criteria: header, key, value, etc.
  • Actions tailored to customer specific privacy requirements
  • Why it matters: If you have privacy concerns about your sensitive data being sent to our platform you can redact, obfuscate or collect the data based on different granular filters.

Agent Inventory - Feature

  • Complete Traceable Platform Agent and tracing agents inventory
  • Platform Agent which maps to Hosts
  • Tracing agent which maps to Services
  • Versions, environment, and health status of each agent
  • Why it matters: Having a complete inventory of your Traceable Platform and tracing agents helps you manage them better and more efficiently (e.g. making decisions on upgrades, understanding the status of each one, and easier troubleshooting in case of errors).


Jan. 18, 2021 - Release Notes

Good morning! Holy Toledo, there is a lot to share in our first release notes. Thank you for supporting Traceable and providing candid feedback. As a result, we've made countless adjustments, but here are the big-ticket items. Keep the feedback coming!

New Protocol Support - New

  • GraphQL
  • API Definition and Parameter Insight now available
  • Why it matters: GraphQL is a popular newer protocol optimized for data; GraphQL queries smoothly follow references between multiple resources, getting all the data your app needs in a single request.

Agent Improvement - Improvement

  • Java OTel agent - full feature parity with the old Java agent
  • NGINX Ingress controller support
  • Ability to exclude URLs from detection based on a regular expression
  • Known issues 😞 
    • golang agents do not currently support blocking
  • Why it matters: OTel (OpenTelemetry) is a newer standard and provides better performance, improved management, and interoperability with other distributed tracing and performance monitoring tools. NGINX Ingress is a popular technology for routing inbound calls within a K8s environment. Excluding a URL from detection allows customers to reduce their processing and licensing cost by not protecting low-risk / high-volume endpoints.

Enterprise Readiness - Improvement

  • SAML integration (integration with Okta, ADFS and other enterprise SSO tools)
  • Usage monitoring
  • Business continuity plan in place and reports are available
  • Traceable security assessment conducted and the report available
  • Configure UserID detection without needing to touch the customer collector
  • Why it matters: Enterprises can use their existing authentication systems to connect their employees to the Traceable management console; with usage monitoring, customers are presented with information on the number of system calls and whether their current usage is in line with their Traceable license; business continuity and security processes support customer compliance requirements.

Improved Protection - Improvement

  • FP exclusions list management in the UI
  • Immediate blocking for known ‘bad’ patterns
  • Detect possible scanners
  • Include user location information with traces and security events
  • Known issues 😞 
    • Automated threat blocking is not yet supported
  • Why it matters: This is work toward feature parity with the leading WAF/RASP solutions. Immediate blocking reduces latency and allows blocking of attackers before full learning is complete. Scanner detection helps eliminate noise and focus on important issues.

API Discovery and Risk - New

  • API change management
  • Why it matters: Any new parameters in requests or responses, or API endpoints with changes, are flagged. The security team can focus on the potential risk of new or changed API endpoints.

Addressed Deficiencies - Improvement

  • Users can now be deleted from the UI
  • Eliminated the requirement for defined container ports for sidecar deployment

Have a great day!

Until next time,

The Traceable Team

We're starting a Changelog!

Hello There!

🎉 Big news today: we're starting a public changelog, so you're always up-to-date with releases, happenings, improvements, and fixes made in Traceable AI.

We base all of our decisions on making you, our customer, successful. Therefore, it's our job to make sure you are fully informed about product updates and changes.

That feature you requested? We'll keep you posted (pun intended). That bug fix? We're on it. You may hop into the changelog and take a look at any time or subscribe to the feed. Our in-app notifications will also alert you, so you don't miss a thing.

This new page is here to improve critical communications between you and the Traceable team. We look forward to hearing your feedback in the comments.

Cheers,

The Traceable Team