
Today, we are excited to announce the new functionalities of API Catalog, Traceable’s API discovery and risk posture management solution!

We have witnessed, first hand, a new shift within the software development industry, one that hasn’t been addressed fully by the API security tools available today. Cloud-native, distributed, and API-based applications create new risks for companies and new opportunities for hackers to steal data and attack your system. 

The first place to start your API security journey is knowing what you have and where you are at risk.

Most API security solutions simply give organizations an inventory of their APIs. While this may seem helpful initially, it’s not enough, and can often turn into a manual process to gain more information about those APIs. Traceable makes API Discovery actionable and takes it to the next level with API Catalog.

A Single Pane of Glass for All API Activity

API Catalog discovers all APIs across your environment – known and unknown – internal, external, and 3rd party, as well as orphaned, zombie and shadow APIs.

It displays the highest risk APIs in the dashboard so you can know instantly what is being exposed, and what resources to focus on to effectively prioritize potential incidents.

More on Risk Scoring: Traceable automatically generates risk scores for all your APIs based on the traffic they receive. A variety of factors, such as authentication, encryption, external exposure, sensitive data, etc., are considered to accurately identify the ‘Likelihood’ and ‘Impact’ of an attack on an API endpoint.

You’re also able to see a live feed of all API changes and obtain instant insight into the details of each type of change, such as header or parameter changes. Security teams can rest assured that all planned and unplanned changes, along with the impacted APIs, will be visible to them.

Open API Specifications (OAS) are great for security teams to collaborate with their development counterparts and to understand how APIs are being used. Unfortunately, most security teams don’t have access to OAS, either because the specs were never written or because the application is legacy. When development teams do have OAS, they are often out of date.

Traceable generates OAS for every endpoint based on the traffic that it observes. These specs are available to view and download in YAML/JSON formats. 

What API Catalog Means for the API Security Industry

In today’s API security market and environment of both new and old threats, API attacks are becoming increasingly prominent. 

The expansion of API Catalog, with its API discovery and risk posture management capabilities, gives customers a way to discover all of their APIs, understand their risk exposure and adhere to compliance standards.

Specifically:

  1. Understand your API risk posture: Traceable generates risk scores for each API that proactively identify vulnerable APIs, giving you a comprehensive view of your risk exposure.
  2. Identify sensitive data flows: Traceable uncovers all APIs that expose sensitive data, and where, and enables you to take appropriate actions.
  3. Adhere to compliance mandates: Traceable identifies and tracks all data correlated across disparate systems to enable audit and compliance efficiency.

Now, Everyone Has an Effortless Way to Discover and Manage API Risk

One of the biggest advantages of API Catalog is that it’s built for all users who are managing API security posture. Security, DevOps teams, as well as governance, risk and compliance (GRC) teams equally benefit from API Catalog’s capabilities.

  • Security: Security teams need an API catalog so they can obtain a comprehensive view of their attack surface and risk posture. This helps them prioritize the wide range of API security issues that must be addressed.
  • DevOps Teams: CI/CD integrations allow DevOps teams to address security issues the same way they would address quality issues in the testing process. With API Catalog, they can identify problems early in non-production environments, as finding issues in production is far more expensive and time-consuming to remediate.
  • Governance, Risk, Compliance: GRC teams require an API inventory and visibility into sensitive data exposure, particularly as they answer to regulatory bodies. With API Catalog, they can now track all data correlated across disparate systems, with little to no effort. This results in comprehensive audit and compliance efficiency.

API Catalog Offers Robust Capabilities to Discover APIs and Manage API Risk Exposure

  • Automatic Classification: Auto-group or tag APIs that belong to the same application. Identify the team responsible for developing the application, map user roles to externally defined user roles, tenants or merchants via integration with SAML, and identify which cloud/infrastructure hosts the API.
  • OpenAPI Spec Analysis: Download auto-generated API specs in Open API format including parameter details and insights, detected sensitive data and annotations.
  • CI/CD Integration: Provides APIs for integrating functions such as risk scores and conformance analysis in staging with CI/CD and CMDB infrastructure, including your existing alerting infrastructure.
  • API Change Management: Traceable automatically identifies new APIs and updates to existing APIs such as changes in headers, parameters, and many more.
  • Conformance Analysis: Upload the API specification defined by developers (or extracted from an integrated gateway) and compare it to the currently derived spec; flag deviations; select the ‘source of truth’ – uploaded or detected; alert on shadow APIs.
  • Regulatory Compliance: Map each API endpoint to sensitive data sets that it exposes (request and response) and authentication methods it requires.
  • Robust Reporting: Quickly build reports to summarize API events of interest and send them to organization stakeholders.
  • Flexible Deployment: API Catalog provides multiple options for API discovery, including edge (such as gateways, load balancers, proxies), in-application (Java, Node.js, Go, Python) and out of band (such as VPC mirroring, pod mirroring).
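To make the conformance analysis and the shadow/zombie categorization concrete, here is an added illustration (not Traceable's code) of the core comparison: a traffic-derived spec is built from observed requests and diffed against an uploaded spec. The spec and traffic are constructed samples, and the spec is reduced to a `path -> method -> declared parameter names` mapping rather than full OpenAPI YAML.

```python
"""Spec-vs-traffic conformance check (added illustration, not Traceable's own code)."""
from collections import defaultdict

# Constructed sample: an uploaded spec reduced to path template -> method -> declared params.
UPLOADED_SPEC = {
    "/users/{id}": {"GET": {"id"}, "DELETE": {"id"}},
    "/orders": {"POST": {"customer_id", "items"}},
    "/legacy/export": {"GET": set()},
}

# Constructed sample: requests observed on the wire as (method, concrete path, param names).
OBSERVED_TRAFFIC = [
    ("GET", "/users/42", {"id"}),
    ("GET", "/users/42", {"id", "debug"}),      # undeclared parameter in use
    ("POST", "/orders", {"customer_id", "items"}),
    ("GET", "/internal/status", set()),          # not in the uploaded spec at all
    ("DELETE", "/users/7", {"id"}),
]


def match_template(path, templates):
    """Return the spec path template matching a concrete path, or None if nothing matches."""
    segs = path.strip("/").split("/")
    for tmpl in templates:
        tsegs = tmpl.strip("/").split("/")
        # A {param} segment matches any single concrete segment; others must match exactly.
        if len(tsegs) == len(segs) and all(
                t.startswith("{") or t == s for t, s in zip(tsegs, segs)):
            return tmpl
    return None


def derive_spec(traffic, templates):
    """Build the traffic-derived spec: (template or raw path, method) -> union of observed params."""
    derived = defaultdict(set)
    for method, path, params in traffic:
        derived[(match_template(path, templates) or path, method)] |= params
    return derived


def conformance_report(uploaded, traffic):
    """Diff the uploaded spec against what traffic shows: shadow, zombie candidates, deviations."""
    derived = derive_spec(traffic, uploaded.keys())
    declared = {(p, m): ps for p, methods in uploaded.items() for m, ps in methods.items()}
    return {
        "shadow": sorted(k for k in derived if k not in declared),           # observed, undeclared
        "zombie": sorted(k for k in declared if k not in derived),           # declared, never observed
        "undeclared_params": {k: sorted(derived[k] - declared[k])
                              for k in derived if k in declared and derived[k] - declared[k]},
    }
```

Selecting the uploaded spec as the source of truth turns the "shadow" and "undeclared_params" entries into alerts; selecting the detected spec instead makes them the new baseline and leaves only the "zombie" entries for review.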

Start Your API Security Journey Today

With the API threat landscape increasing in scope and sophistication, we are thrilled to continue delivering API security solutions to address your growing challenges. We encourage you to request a demo of API Catalog to get the full experience of how it can address your API security needs.