Agentless API Security in Google Cloud

Amod Gupta
|
November 18, 2023

We are very excited to announce Traceable’s latest integration with Google Cloud application load balancers to provide agentless API security in Google Cloud!At Google Cloud Next ’23, Traceable  partnered with the Service Extensions team and now with the release of service extension’s public preview, Traceable customers can seamlessly integrate with Google Cloud’s application load balancers to secure all API traffic passing through them.API Security is centered around four core pillars of Discovery, Attack Detection, Attack Protection, and API Testing. The biggest problem that customers have, especially in large enterprises, is discovery - i.e., not knowing how many APIs they have, where these APIs are deployed and which of those are accessible over the internet to external systems. By integrating with Google Cloud’s application load balancers, Traceable can automatically discover all APIs, catalog them and assess their inherent risk by looking at various dimensions such as strength of authentication, level of encryption, presence of vulnerabilities and sensitive data, etc. All this can be done in an agentless manner (as described below), by capturing a copy of relevant traffic flowing through the load balancers. Data collection is done out of band with minimal latency added to the requests - something all customers are sensitive about.

The following diagram illustrates this process at a high level.

  1. Client generated HTTP(s) request arrives at the load balancer
  2. Load balancer forwards the request to Service Extension via RPC
  3. Service extension executes and returns request to LB
  4. Load balancer forwards the request to the backend service
  5. Service extension forwards a copy of the request to Traceable collector asynchronously
  6. Traceable collector forwards the copy of the request to Traceable Platform

As mentioned above, this does not require any agent deployment and therefore security teams don’t require time commitment from the DevOps teams. With the help of the work done by the Service Extensions team at Google Cloud, Traceable can be enabled by adding a few lines of configuration to the load balancer (shown below).

Service extensions enhance Google Cloud application load balancers by letting partners provide additional functionality like custom logging, authentication, security screening etc. Traceable has been a great design partner since launch that has helped shape and validate our thinking behind service extensions, especially in the area of API security. - Neil Abogado, Senior Product Manager, Google

Once enabled, customers can view all the APIs that are being accessed through the load balancer along with details like authentication type used, presence of encryption, OWASP API Top 10 vulnerabilities, sensitive data, risk posture and many other details. Traceable supports all API architectures including the most popular ones - REST, SOAP, gRPC & graphQL. Traceable will also automatically create OpenAPI specifications for these APIs wherever applicable, which can be used for API security testing and other purposes.

This integration with Google Cloud’s application load balancer compliments our existing integration with Google Cloud’s Apigee’s API Gateway. Traceable integrates with all flavors of Apigee i.e SaaS, Hybrid and On-premises to provide an identical level of functionality as described above in the case of load balancer. Our mission at Traceable is to secure every single API, which starts by discovering all APIs in a customer's environment be it external, internal or 3rd party. This is made possible by building and maintaining one of the most comprehensive data collection options in the industry.

About Traceable

Traceable is the industry’s leading API Security company helping organizations achieve API visibility and attack protection in a cloud-first, API-driven world. Traceable is the only intelligent and context-aware solution that powers complete API security – API discovery and posture management, API security testing, attack detection and threat hunting, and attack protection anywhere your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring their customers. To learn more about how API security can help your business, book a demo with a security expert.

Download Blog Post

The Inside Trace

Subscribe for expert insights on application security.

Thanks! Your subscription has been recorded.

or subscribe to our RSS Feed

Read more

See Traceable in Action

Learn how to elevate your API security today.