Traceable AI, the leader in API security protection, announced the introduction of the free API security solution. Unique in its offering, Traceable’s free API security solution enables developers and security operations teams to get started improving the API security of their applications without the need for budgetary approval. With this new offering, Traceable AI aims to enable everyone to make progress on solving the API security crisis.
Despite knowing that API security needs to be a critical component of developing their applications, DevOps teams often remain handicapped by inadequate tools and budgets to properly address their needs. This has put the software industry in an API security crisis.
According to the just released Gartner Hype Cycle for APIs and Business Ecosystems, 2021 report, “Every connected mobile, modern web or cloud-hosted application uses and exposes APIs. These APIs are used to access data and to call application functionality. APIs are easy to expose but difficult to defend. This creates a large and growing attack surface, leading to a growing number of publicised API attacks and breaches. Traditional network and web protection tools do not protect against all the security threats facing APIs, including many of those described in the OWASP API Security Top 10.”
Also Read: On Data Governance, Stewards… and Dragons
With the free API security solution offered by Traceable AI, these teams now have the option to use a free enterprise-grade solution to gain visibility, protection, and analytical insights into their APIs.
Powered by its distributed tracing and unsupervised machine learning technologies, Traceable AI addresses these problems by learning the application context and normal behaviors. Unlike Web Application Firewalls (WAFs) that rely on static threat signatures of known attacks, deep API insights and ML enhanced anomaly detection enable the Traceable AI Free tier offering to detect and block known (such as the OWASP Top 10) and unknown threats with no signature tuning yet minimal false positives.
The self-service deployable free version of Traceable AI includes:
- Continuous discovery and inventory of all APIs, including shadow and orphaned APIs
- Real-time, automatic API documentation including parameter details, usage patterns, and API changes flagged Insights into API runtime behavior, including API usage patterns, user details, and where sensitive data is being exposed
- Continuously updated API risk scores based on likelihood and impact of abuse API & web application protection (OWASP Top 10) powered by ML anomaly detection for low false positives without signature maintenance
- Real-time API vulnerability detection of API misconfigurations to prevent malicious exploitation by cybercriminals
- API performance metrics for establishing normal vs abnormal behaviour, including number of calls, call frequency, and error and latency distribution
- Block threats based on threat actor, IP range, anomaly detection + signatures
