May 2021 Product Updates

Hello there! Here are some of the key items from our spring release. We have added key features to the product based on your input and on key innovations we believe are needed in API security. Keep the feedback coming!

Traceable Platform Agents and Tracing Agents are released asynchronously from the platform features and they can be found here

API Protection Enhancements - Improvement

  • Blocked events UI
  • User session API flow within security event screen
  • Why it matters: Blocked events allow customers to audit and tune the rules and emphasize the proactive nature of Traceable protection. API events in the security view show the value of Tracing and help investigate vulnerabilities.

API Discovery and Risk - Feature

  • API filtering based on sensitive data types
  • Why it matters: This is one of the first steps towards data flow tracing and allows customers to identify APIs that handle specific types of sensitive data, especially where they are not supposed to be accessing it.

Custom Alerting - Feature

  • Traceable will alert you on several key activities:

    • Blocked Event
    • Threat Actor activity
    • Security event detection
  • Why it matters: Infosec and SecOps teams need to be notified in real time about key security events so they can take remedial actions as needed.

Sensitive Data Redaction - Feature

  • Customer specific redaction rules
  • Multiple match criteria - header, key, value, etc.
  • Actions tailored to customer specific privacy requirements
  • Why it matters: If you have privacy concerns about your sensitive data being sent to our platform, you can redact, obfuscate or collect the data based on different granular filters.

Agent Inventory - Feature

  • Complete Traceable Platform Agent and tracing agents inventory
  • Platform Agent which maps to Hosts
  • Tracing agent which maps to Services
  • Versions, environment, and health status of each agent
  • Why it matters: Having a complete inventory of your Traceable Platform and tracing agents helps you to manage them better and more efficiently (e.g., making decisions on upgrades, understanding the status of each one, and easier troubleshooting in the case of errors).

 

Jan. 18, 2021 - Release Notes

Good morning! Holy Toledo, there is a lot to share with our first release notes. Thank you for supporting Traceable and providing candid feedback. As a result, we've made countless adjustments, but here are the big-ticket items. Keep the feedback coming!

New Protocol Support - New

  • GraphQL
  • API Definition and Parameter Insight now available
  • Why it matters: GraphQL is a popular newer protocol optimized for data; GraphQL queries smoothly follow references between multiple resources, getting all the data your app needs in a single request.

Agent Improvement - Improvement

  • Java OTel agent - full feature parity with the old Java agent
  • NGINX Ingress controller support
  • Ability to exclude URLs from detection based on a regular expression
  • Known issues 😞
    • Golang agents do not currently support blocking
  • Why it matters: OTel (OpenTelemetry) is a newer standard and provides better performance, improved management, and interoperability with other distributed tracing and performance monitoring tools. NGINX Ingress is a popular technology for routing inbound calls within K8s environments. Excluding a URL from detection allows customers to reduce their processing and licensing by not protecting low-risk / high-volume endpoints.

Enterprise readiness - Improvement

  • SAML integration (integration with Okta, ADFS and other enterprise SSO tools)
  • Usage monitoring
  • Business continuity plan in place and reports are available
  • Traceable security assessment conducted and the report available
  • Configure UserID detection without needing to touch the customer collector
  • Why it matters: Enterprises can use their existing authentication systems to connect their employees to the Traceable management console; with usage monitoring, customers are presented with information on the number of system calls and whether their current usage is in line with their Traceable license; business continuity and security processes support customer compliance.

Improved protection - Improvement

  • FP exclusions list management in the UI
  • Immediate blocking for known ‘bad’ patterns
  • Detect possible scanners
  • Include user location information with traces and security events
  • Known issues 😞 
    • Automated threat blocking is not yet supported
  • Why it matters: This is work toward feature parity with the leading WAF/RASP solutions. Immediate blocking reduces latency and allows blocking of attackers before full learning is complete. Scanner detection helps eliminate noise and focus on important issues.

API Discovery and Risk - New

  • API change management
  • Why it matters: Any new parameters in the requests or responses, or API endpoints with changes, are flagged. Security teams can focus on the potential risk of the new or changed API endpoints.

Addressed Deficiencies - Improvement

  • Users can now be deleted from the UI
  • Eliminated the requirement for defined container ports for sidecar deployment

Have a great day!

Until next time,

The Traceable Team

We're starting a Changelog!

Hello There!

🎉 Big news today: we're starting a public changelog, so you're always up-to-date with releases, happenings, improvements, and fixes made in Traceable AI.

We base all of our decisions on making you, our customer, successful. Therefore, it's our job to make sure you are fully informed about product updates and changes.

That feature you requested? We'll keep you posted (pun intended). That bug fix? We're on it. You may hop into the changelog and take a look at any time or subscribe to the feed. Our in-app notifications will also alert you, so you don't miss a thing.

This new page is here to improve critical communications between you and the Traceable team. We look forward to hearing your feedback in the comments.

Cheers,

The Traceable Team