Traceable AI Software Release – November 2021 Update
December has finally come and Traceable AI has released a whole new suite of software features for our customers, with the continued aim of ensuring the best API Security solution on the market.
AWS agentless Traffic Mirroring
Description:
Traceable now expands our data collection deployment methods, offering customers a new agentless method that adds mirroring on AWS. Customers who build their API applications on AWS are now able to mirror from their AWS application workloads, collecting all requests/responses from the virtual interface and sending them to Traceable AI for storage and analysis.
Value:
Provides customers with an easy, fast, and frictionless data collection method that does not require extensive work instrumenting the application. It can be deployed by security or operations teams without the need to involve the development teams.
Key Highlights:
- Provides fast and frictionless Agentless API Security deployment of Traceable AI
- Easy and fast way to deploy Traceable AI without deploying agents within the application
- Monitoring of application in a matter of minutes
- No risk of interruption to the application
Python tracing agent
Description:
A new agent-based tracing agent has been released in addition to our current JAVA and GO agent based support. Provides auto-instrumentation and auto-blocking for front-end applications and back-end microservices written in Python.
Value:
Provides customers an easy way to deploy Traceable AI within the application without the need to change any python application source code.
Key Highlights:
- Automated installation of python agent
- Automated real-time blocking of cyber-threats
- Enables end-to-end visualization of API paths
Security Analyst Role
Description:
Traceable AI has now added the security analyst persona to its existing set of roles that are used to access Traceable AI. A security analyst role implements a restricted configuration mode but yet enables streamlined visibility into applications protected by Traceable AI. Security analysts can visualize cyber-threats, risk-scores and remediate security events to better manage their job as security analysts in a SOC (security operations center). The security analyst role is now in addition to the current roles that are already present in Traceable AI: Account Owner Security Admin, Developer role.
Value:
Customers benefit by having multiple views into Traceable AI that are optimized for their specific role. One size does not fit all in an enterprise-grade application security solution, ensuring that each employee has a view into Traceable AI that is optimized for their role.
Key Highlights:
- Enables streamlined view of the Traceable AI UI, built for a security analyst.
- Ensures that SOC analysts do not inadvertently makes configuration changes to the Traceable AI.
UserID based BOLA
Description:
Context-aware threat detection by Traceable AI has enabled a new feature improvement that better detects authorization bypass vulnerabilities that enable an unauthorized user to access another user’s resources within an application. With this new enhancement, Traceable AI is able to monitor an identified user (User-ID1) who has gained access into an application with an authentication token. If there is a sudden switch by (UserID2) utilizing the same authentication token to gain access to User-ID1) resources, it is immediately flagged as a malicious event.
Value:
This new enhancement better prevents cybercriminals from exploiting BOLA vulnerabilities embedded in API applications, preventing cybercriminals from accessing sensitive data of targeted victims.
Key Highlights:
- Enhanced detection and blocking of BOLA attacks focused on malicious actor stealing an authentication token of a victim and attempting to access victim’s resources within an application
- Stops sessions hijacking that could lead to sensitive data exfiltration.
Risk Scoring Customization
Feature:
Risk scoring is now customizable by customers within the Traceable AI UI. Customers can adjust the contributing parameters that determine the “Likelihood” and “Impact” factors that drives the determination of your overall Risk-score. This value is then used to determine the overall API endpoint risk that seen in the API intelligence section within the Traceable AI UI.
Value:
Risk is not a universal standard and is unique to each customer. Risk Score customization allows customers to adjust their risk-scores appropriate to their organization, vertical and specific requirements. A risk-score is not a one-size fit’s all value and should be adjusted appropriately to each organization’s security and business requirements.
Key Highlights:
- Risk Score is adjustable by modifying “Likelihood” and “Impact” parameters in Traceable UI.
- Risk Score definition can be modified to the unique requirements of each organization.
Cookie parsing
Description:
Traceable AI now enables parsing of cookie values obtained from your application for deeper analysis and troubleshooting. Customers looking to break apart fields from their cookies to make them more human readable can do so now. Customer can now parse and examine: API Endpoint query, headers, request/response body from a specific cookie file.
Value:
It enables developers to read cookie content - human readable, enabling faster troubleshooting of application issues and enabling user attribution of each API request.
Key Highlights:
- Each cookie is presented as structured json data with clearly identified keys and values
- Each cookie parameter can then be examined for malicious content , presence of sensitive data and more
IP Range Blocking
Description:
Traceable AI customers can now implement new IP range blocking rules in their security policy. The two new additional options are, “Never block” and “Block all except”. One primary use case would be to quickly create a security policy that excludes internal IP addresses that can then prevent your organization’s Pen-testers from being blocked when testing your application.
Value:
Enables more precise and structured security polices that are easier to understand and manage.
Key Highlights:
- Easier policy creation with English configuration options.
- Reduce the amount of time & mistakes in creating a security policy
Geo-location Blocking
Description:
Customers now have a new policy configuration option that now includes selecting specific countries or regions that can prevent access to your applications. One critical use-case would be a security team that needs quickly implement new security policies that block persistent cyber-attacks that originate from a specific country that slows down or obstruct the accessibility of your application to your regular customers.
Value:
Enables easy, fast policy creation. Admins can avoid the effort of compiling all the IP addresses block associated with a country or region for inclusion in their security policy. It also ensures that there is no risk of making mistakes when compiling geo-location oriented security policy.
Key Highlights:
- Fast, easy security policy creation
- Immediate blocking of cyberattacks originate by country/region