Traceable API Security Platform Updates – January 2024

Traceable started the new year right with product updates that bring additional customization, control, and automation to your API testing program, power deeper investigation and support new integrations with your security ecosystem.

Here are the details on what’s new:

Automate and tailor your API security testing with Suites

Traceable’s new API Security Testing Suites empower you to scale your API security testing program with fine-grained controls and automation. With Suites, you have full control over the what, where, and when of API testing. You can create a Suite using Traceable’s predefined policies or a custom policy for your organization’s specific requirements, select which specific APIs or API groups you want to test, and schedule the scan to run on a recurring basis. 

In addition to your custom testing requirements, you can use Suites to power testing programs that align with specific compliance and security frameworks such as HIPAA and PCI-DSS. Three key enhancements make it easy to operationalize your compliance-related testing with Suites:

• Predefined policies on scans designed for standard compliance requirements.
• Configurable evaluation criteria that allow you to further tailor your scan results to the findings that are most critical for you. You can select predefined evaluation criteria that align with compliance frameworks including HIPAA and PCI-DSS, or create custom criteria.
• New dashboard for analyzing scan results, tailored to your application context. You can use these dashboards to track results against specific compliance and security frameworks (pictured below).

Traceable customers can access the new functionality by navigating to Testing > Suites.

We made several additional improvements that deepen and extend our API security testing capabilities:

• Policy enhancements include safe/unsafe scans, adjustable scans, and a broader selection of attack vectors 
• DAST now supports more diverse schema types, including OpenAPI Specs and Postman collections
• API reachability analysis shows reachability status for all APIs in a Suite, and provides remediation suggestions for detected issues

Power deeper threat hunting and investigation with enhanced analytics

We’ve added several new fields within analytics to deliver new ways to analyze trace and span data. The new fields now available are:

• Query params
• Path params
• Request method
• Endpoint Type
• API Risk Category
• Data Set IDs
• API Auth Types
• Is Endpoint Authenticated
• Is Endpoint Encrypted

You can use these fields to power new threat hunting and investigation use cases, and answer new questions such as:

• Where am I seeing GET requests on unauthenticated endpoints?
• Am I seeing any unusual activity on my high risk endpoints?
• Am I seeing any unusual activity on my unencrypted API endpoints?  
• Am I seeing specific threats like BOLA, BFLA, or Scope manipulation on unauthenticated endpoints?
• Has there been increased traffic from specific poorly reputed IP organizations on APIs which also return SSN, credit card information and other PCI/PII information?
• What is the breakdown of traffic seen from residential proxies or BOTs on POST and PATCH APIs as opposed to GET and PUT APIs?
• Has there been a sudden increase in volumetric and injection based attacks on Login and Payment API’s with high API risk that are unauthenticated?
• Are most remote code execution and mass assignment attacks targeting specific query parameters in URLs of booking APIs which are not encrypted ?

Integrate Traceable and your GCP CloudArmor WAF to extend protection

Traceable now integrates with Google’s Cloud Armor WAF to support enforcement of custom blocking policies. When the integration is enabled, creating a policy in Traceable will automatically create corresponding rules in GCP. The integration includes support for any custom policy rules and for threat actors, enabling you to enforce blocking in the WAF for threat actors identified by Traceable.

Send Traceable event logs to your SIEM in Syslog format

Traceable now supports event logs in Syslog format, allowing you to send Traceable event logs to any SIEM platform with Syslog support. This enables security operations teams to bring Traceable event data into the tools they are already using, and use their SIEM to build playbooks for triage, investigation, and response of malicious or suspicious API events identified in Traceable. Syslog support is now available and you learn more about using the feature in our docs. 

About Traceable

Traceable is the industry’s leading API Security company helping organizations achieve API visibility and attack protection in a cloud-first, API-driven world. Traceable is the only intelligent and context-aware solution that powers complete API security – API discovery and posture management, API security testing, attack detection and threat hunting, and attack protection anywhere your APIs live. Traceable enables organizations to minimize risk and maximize the value that APIs bring their customers. To learn more about how API security can help your business, book a demo with a security expert.