Traceable + Wiz: Supercharging Threat Detection with Complete Cloud and API Context

Allison Averill, Avinash Kolluru, Sudeep Padiyar | June 6, 2024

When it comes to understanding application risk and detecting sophisticated threats targeting applications, context is king. Traceable is purpose-built to provide the most complete security context on APIs by capturing, correlating, and analyzing every API transaction. By partnering with Wiz, we further extend our data advantage with cloud security context, powering higher-fidelity threat detection and risk-based prioritization for cloud-native applications. We announced the first phase of our integration last year, bringing Wiz data into Traceable, and are excited to announce a new phase that pushes Traceable’s API security context into the Wiz platform.

Phase 1: Wiz Cloud Context in Traceable

Traceable AI has been one of the early technology partners with Wiz for the WIN program, providing customers with the combined capabilities of the Wiz Cloud Native Application Protection Platform (CNAPP) and Traceable’s API Security Platform. The first phase of the integration helped our joint customers achieve the following goals:

  1. Complete Code to Cloud Threat Correlation: Correlate API threats identified by Traceable with cloud context around Kubernetes and VM deployments from Wiz
  2. Prevent Data Loss at the API layer: Data loss mapping with cloud context to protect sensitive data across API Request/Response and cloud storage layers
  3. Scale easily and securely: Automatic mapping of APIs to cloud deployments by Traceable to determine where compromised cloud assets reside

Phase 2: Bi-directional Integration Brings Traceable API Context into Wiz

The next phase of the integration takes complete threat correlation to the next level with the ability to push Traceable threat detections into Wiz Cloud events and the powerful Wiz Security graph. This completely changes the way APIs can be protected with cloud context, and makes threat correlation possible in a single console within the Wiz platform. Since most modern APIs are deployed in the public cloud today, the key container and VM level correlation is achieved with the capabilities of the eBPF technology that Traceable invested in early.

Key features and benefits for our joint customers with this expanded integration include:

Correlate real-time API threats from Traceable with Wiz Issues for deeper context and streamlined investigation

Wiz identifies and prioritizes Issues in cloud environments based on multiple risk and threat factors. Traceable leverages Wiz Issues to provide security teams with cloud infrastructure context when remediating an active threat detected on their APIs. Pushing API runtime threat detections to Wiz helps enrich Wiz’s threat detection capabilities and contributes evidence to Wiz Issues. These are especially useful for privilege escalation, injection attacks and arbitrary code execution based exploits like Log4Shell and Spring4Shell.

Prioritize API vulnerabilities based on likelihood of exploitation

Wiz scans cloud environments and creates a complete inventory of cloud assets, interdependencies, and risks associated with those assets. Traceable supports deployment modes like eBPF, which has the underlying cloud asset details that enable it to query Wiz’s API to pull inventory, API misconfigurations, and issues. Correlating these insights with threats seen on the APIs provides infosec teams with details on attack paths due to individual or combined risks.

Visualize attacks on Wiz Security Graph for Incident Response

When a security incident occurs, it's imperative that Incident Response teams be able to quickly and accurately assess the potential impact of a compromised resource such as a VM or container and pinpoint the root cause of how the security breach occurred. Wiz’s key innovations in this area are complemented by Traceable’s inherent capabilities around real-time threat detection for unparalleled toxic combination analysis.

Forensics and Root Cause Analysis

Pinpointing the root cause of a security incident in complex cloud deployments which span VMs, containers, serverless, etc. can be like finding a needle in a haystack. For Kubernetes Namespaces, Wiz has open-sourced the blast radius calculation method and released NamespaceHound to detect violations. Traceable’s platform has complete coverage for threat detections ranging from AuthN/AuthZ based attacks to privilege escalation to path manipulation based attacks. That coverage, correlated with behavioral baselines, allows for complete threat hunting and forensics, which complements Wiz’s capabilities well.

In conclusion, Traceable empowers security teams to proactively assess and fix security issues in APIs to identify threat activity. With extensive security context, threat intel, and broad and deep data collection and analysis, Traceable delivers a data advantage in protecting APIs across cloud environments. Wiz provides customers the ability to automatically collect important evidence when a cloud resource may have been compromised. Together Traceable and Wiz provide powerful security context, prioritization, and remediation capabilities to protect your applications from code to cloud.

To unlock the power of correlated cloud and API security context with Traceable and Wiz, schedule a demo today.

About Traceable

Traceable is the industry’s leading API Security company helping organizations achieve API protection in a cloud-first, API-driven world. Traceable is the only contextually-informed solution that powers complete API security – API discovery and posture management, API security testing, attack detection and threat hunting, and attack protection anywhere your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring to their customers. To learn more about how API security can help your business, visit https://www.traceable.ai/.
