What are we announcing?
We are pleased to announce that Traceable AI has added a new agentless deployment option of traffic mirroring for customers who wish to deploy an API security solution to protect their API-driven applications.
We built the Traceable AI agentless traffic mirroring deployment option because our customers requested a way to get started with minimal commitment, low friction from other organizations, and zero risk to their application’s health and performance. The new deployment option lowers the barrier to adoption, increasing the organization’s ability to improve the security posture of their applications.
What does agentless mean?
Agentless deployment means that there is no additional software process or code required to be run as part of the application code. Agentless by traffic mirroring is completely out-of-band, which means that it is read-only and can not affect the application or application components through interception or alteration of the inbound or outbound network traffic, or its performance through CPU, memory, or added latency.
Agentless also means that the number of organizations that need to be involved in implementation is minimized, which eases adoption for everyone. Meanwhile, the value of the implementation can still be experienced by everyone.
What immediate value does it provide you?
Customers who deploy Traceable AI using the traffic mirroring deployment option will benefit from the following capabilities:
API Catalog and Risk Management
Traceable AI will discover and inventory all external APIs that exist on the mirrored interface. As customers enable new APIs, Traceable AI will be able to discover them in real-time as they are being activated based on information gathered from application traffic flows. Customers can view existing and newly discovered APIs within the Traceable AI UI. Orphan, deprecated, and shadow APIs are discovered and immediately inventoried for your review. This comprehensive capability to catalog your managed and unmanaged APIs helps to reduce your attack surface and the ability of cybercriminals to exploit unmanaged APIs to gain unauthorized access to your sensitive data.
For each API endpoint, Traceable AI will be able to reverse engineer the API parameter specification from user-driven traffic. As your API endpoint changes over time, Traceable AI will automatically update your API specification without any user intervention. Traceable AI calculates a risk assessment for each API endpoint, enabling security and development teams to prioritize their focus on the API endpoints that pose the greatest threat to their organization. Customers can pinpoint which API’s inadvertently expose sensitive data and whether each API enables proper authentication.
Detection of Cyber-attacks
All API traffic that is mirrored from each Amazon VPC is sent to Traceable AI for attack detection and analysis. Powered by machine learning, Traceable AI is able to extract the business logic and API parameter file definition from user-driven traffic to your application. This enables Traceable AI to detect specific misuse and tampering with API parameters that seek to exploit and exfiltrate sensitive data from your application.
Traceable AI can detect API and Web malicious use, identifying and preventing OWASP API Top 10 and OWASP Web Top 10 exploits that target your application. Built around user attribution, Traceable AI’s enable customers to track user activity and user groupings for visualization and analysis. Anomalies in user-driven traffic are immediately surfaced and sent to security operations for further investigations and remediation steps.
Zero Friction, Zero Risk
Traceable AI’s traffic mirroring offers customers a zero-risk option to deploy Traceable AI that eliminates any concerns about deploying an API security solution that might affect the stability or performance of your protected application. Since the solution is out-of-band, there is no risk of disruption to the operation of your application ensuring that there is no impact on application performance, availability, and functionality. The traffic monitoring also provides a seamless operation that does not require any changes to your application code, enabling you to develop, operate and run your application as you normally would.
How does it work?
The Traceable AI traffic mirroring deployment option provides an easy, frictionless deployment where an agent relay is deployed outside of the application and operates on a mirrored copy of the application traffic. Instead of deploying the agent within the application, the customer can deploy an agent relay in a separate virtual image that runs on the same Amazon VPC.
Network traffic is then mirrored from the virtual interface on the instance your application is running on to the Traceable AI traffic mirroring relay. After pre-processing, the relevant data and meta-data are sent to the Traceable AI cloud for further analysis. This deployment option provides a low-risk, high-coverage alternative to customers interested in security, observability, and session-based analytics for their external APIs.