Hot Topics
Security Bloggers Network 
SBN

January Software Release – Kicking off the New Year

by Muzaffer Pasha on February 15, 2022

It’s January and we kicking off the new year with a new set of features aimed at improving application security for our customers. Traceable AI has released a range of new features and deployment options with the continued aim to help our customers to have the best API security solution on the market. 

1. Traceable is now available on AWS Marketplace! 

Traceable AI is now available on the AWS marketplace for direct purchase or private offers. Traceable AI currently has support on the following AWS services: 

AWS Builder Community Hub
  • Amazon Elastic Kubernetes Service (EKS), 
  • Elastic Container Service (ECS)
  • EC2 instances.

In addition, we support customers who require an agentless deployment option via AWS traffic mirroring. 

To directly purchase Traceable AI, you can check out our AWS marketplace listing for additional information. 

Traceable API Security for Cloud-Native Apps

2. Kubernetes Data Collection 

Traceable AI now supports new agentless data collection methods for Kubernetes deployments that now include: 

  • Pod Level Mirroring
  • Daemonset(per node) mirroring 
Daemonset Mirroring

3. Traceable AI API 

Traceable AI now offers customers direct API access to directly manage their policy and data hosted on Traceable AI. Customers can securely access their tenant data via an authorization token which enables authorized access to their tenant hosted on Traceable AI. 

Customers can perform via API the following functions: 

  • Create protection policies, rate limiting, IP/Geo-Blocking rules, and more 
  • Obtain your Application APIs(internal and external) based on threats, risk-score, call volume, and activity. 
  • Obtain updates on cyber-attacks based on the threat level, active and blocked security events. 
  • Use GraphQL APIs to obtain information from Traceable. 
Traceable AI API

4. Label Management 

Customers can now create labels that tag API Endpoints and Services based on specific attributes. The capability to tag API Endpoints and Services can help customers to organize, manage and simplify the day-to-day activities that are required to protect their organization’s mission-critical APIs.  

Label management can be used by customers to perform use-cases such as the following: 

  • Log4Shell: Find all API Endpoints and Services in your application that are impacted by Log4Shell Vulnerability
  • AWS VPC or Kubernetes Cluster: Label all API Endpoints and/or services that are running in an AWS VPC or Kubernetes Cluster
  • Sensitive Data Classification: Label all external API Endpoints which are process PCI, PII and/or other sensitive data. 
Label Management
Create Label Rule

5. Jira Integration 

Traceable AI now integrates with Jira, enabling the automatic creation of  JIRA tickets based on established criteria as configured by an admin. This can seamlessly create workflows that ensure that security and development teams are in sync and can communicate which APIs are vulnerable and require remediation by a developer.   Jira tickets can be created based on the following criteria: 

  • Security events:  A Jira ticket can be created based on a security event that has taken place. This can include threat actors, specific URI, service/endpoints, and more.  
  • Vulnerabilities Detection: A Jira ticket can be based on a specific vulnerability that has been identified: This can include vulnerability type, the total number of APIs impacted, mitigations details. 
Create Jira Issue

6. Vulnerability Management

Traceable AI has included new vulnerability detection and management improvements to further help customers to identify critical vulnerabilities within their API applications that require remediation. These improvements include the following: 

  • API Vulnerability: Detection of API vulnerabilities now includes API vulnerabilities that do not have the proper level of encryption and incorrect security headers. 
  • Vulnerability product page: This vulnerability product page contained within the Traceable AI UI  has been made more actionable and easier to pinpoint specific vulnerabilities. Summary charts are now included, which enable vulnerabilities to be grouped by specific service makes it much easier to provide direct Jira integration. This makes it easier to have a vulnerability assigned to the responsible development team which owns the service for remediation. 
Vulnerability Management

Traceable AI enables more flexible searching that now includes new regular expressions and ‘~’ operations that make it easier to search for a “substring” within a larger field in a trace. This improved functionality can help with root-cause analysis of detected security issues and advanced configuration tasks such as identifying specific sessions. 

Trace Explorer Flexible Search

8. Revamped Documentation 

We have now improved our documentation by organizing it by an easy-to-understand structured framework. Customers can avoid searching for specific topics and explore by easy-to-understand categories and read relevant material by topic. This makes it much easier to find the information that you are looking for to manage your Traceable AI deployment. 

Revamped Documentation

The post January Software Release – Kicking off the New Year appeared first on Traceable App & API Security.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Muzaffer Pasha. Read the original post at: https://www.traceable.ai/blog-post/january-software-release-kicking-off-the-new-year

Muzaffer Pasha , , , ,