Traceable

Our latest blog evaluates the collaborative effort required to secure APIs. It’s not a one-person job! Ensuring API security demands the involvement of various stakeholders across your organization. 🤝 👥 Key Highlights: 📌 The pivotal roles of CISOs, Heads of Enterprise Architecture, and Heads of Product & Application Security. 📌 How Product & Application Security Teams, SOC, and Incident Response Units ensure hands-on implementation. 📌 The importance of supporting roles like GRC, Anti-Fraud Teams, DPOs, and API Developers. 📌 Leveraging a RACI Matrix to define clear roles and responsibilities. If you’re looking to build a comprehensive API security program, understanding the roles and responsibilities of these key players is crucial. Read the full blog here: <https://lnkd.in/epRNEJ3a>

🚀 Join us at OWASP Global AppSec DevDay on September 25th! We're excited to share that Traceable's Co-Founder and CTO, Sanjay Nagaraj and Jayesh Ahire, Founding Member of Product Management at Traceable, will be speaking on a topic that's crucial for today's tech landscape. Session: Defending APIs: Past, Present, and Future As APIs become the backbone of modern applications, especially in the era of Cloud Native Distributed Systems, Generative AI, and LLMs, the need for robust API security has never been greater. Jayesh and Sanjay will cover the evolving API security landscape, highlighting how advanced technologies like eBPF can enhance API protection. What to expect: 🔮 Insights into the future of API security 📈 Real-world use cases of eBPF in action 🛠️ Practical strategies to integrate cutting-edge technologies into your security practices Don’t miss this opportunity to connect with fellow developers, share your challenges, and explore solutions together. See you there! 💻  Check it out: https://lnkd.in/g9W9JmJf

🚨 How 1 Exposed Honeywell API Gave Us Control Over an Internal Engineering System Traceable's ASPEN team uncovered a critical vulnerability in Honeywell’s internal BEDQ system. Our latest blog post reveals how a single exposed API endpoint allowed us to gain control over sensitive engineering data, highlighting a significant security risk. In this discovery, we found that a broken authentication issue combined with inadequate authorization controls led us to full access. This exposed how even minor API vulnerabilities can lead to major security breaches. Key Findings: 🕵️♂️ Exposed Endpoint: An unauthenticated API endpoint allowed access to sensitive user data. 🔑 Privilege Escalation: We exploited this flaw to gain super admin access, controlling critical engineering projects. Learn more about our findings, the steps we took to report and resolve this issue with Honeywell, and the best practices for preventing similar vulnerabilities in the future. Read the blog here: https://lnkd.in/eCdxVxnY

As AI and large language models (LLMs) reshape technology, the security of APIs is becoming increasingly crucial. At Black Hat 2024, Tyler Shields sat down with DZone to discuss the challenges developers face in securing APIs that power AI and LLM applications. With the rise of cloud infrastructure and microservices, the number of APIs is growing rapidly, introducing new risks. Shields emphasized that protecting these APIs is essential to safeguarding AI systems. Here are the key takeaways from the discussion: 👁️ Keep an eye on everything: Visibility into API traffic is vital, especially in complex cloud environments. 🧠 Understand the context: Analyzing how APIs behave helps spot issues before they become problems. 🔄 Adapt your approach: As AI technology evolves, so must our methods for securing the APIs that support it. Learn how we’re helping teams protect their AI-driven applications: https://lnkd.in/eZjDMwKX

Our Head of Product, Amod Gupta, was featured on the Last Watchdog podcast at Black Hat this year, discussing the disruptive impact of Generative AI (GenAI) and Large Language Models (LLM) on API security. As companies across industries race to deploy GenAI/LLM solutions, securing the data transmitted through APIs is becoming increasingly critical. Amod highlighted how hyper-interconnectivity is intensifying at the API level, creating new challenges and opportunities. He also touched on the potential for threats like prompt injection attacks to escalate, and how Traceable is staying ahead by monitoring these developments with our advanced API security platform. Amod also shared insights into how Traceable is exploring the use of GenAI to bolster security. Imagine a security team member using a GenAI assistant to quickly analyze a unique vulnerability or a suspicious API activity pattern—saving hours of manual work and enhancing our ability to respond to emerging threats. Catch the full conversation in the Last Watchdog podcast for a deep dive into the future of API security in the age of GenAI/LLM. Listen here: https://lnkd.in/d--dJ-P5

Google Cloud has just unveiled the general availability of Service Extensions callouts for Application Load Balancers, and with it, an ecosystem of nine industry-leading partners is being introduced. These integrations are designed to enhance application security, experience, and observability on a global scale. 🚀 At Traceable, we’re excited to be part of this innovation. Our integration with Google Cloud’s Application Load Balancers via Service Extensions will empower organizations to fortify their API security while leveraging the best-in-class solutions Google’s ecosystem offers. Here’s how our partnership with Google Cloud benefits your organization: 📌 Enhanced API Security: Protect your APIs with Traceable’s comprehensive discovery, posture management, and attack detection solutions, seamlessly integrated into Google Cloud’s infrastructure. 📌 Streamlined Operations: Reduce complexity with partner integrations that simplify the addition of new capabilities, allowing your IT teams to focus on what matters most. 📌 Access to Cutting-Edge Technology: Stay at the forefront of innovation by tapping into an open ecosystem designed for flexibility, choice, and rapid technological advancements. 📌 Customized Solutions: Choose the best-fit solutions from a wide range of partners, ensuring that your security needs are met precisely and effectively. We’re proud to collaborate with Google Cloud to bring these powerful capabilities to your API-driven environment. 🤝 Read Google Cloud Security's full blog here: https://lnkd.in/eJprrtTM

We are incredibly proud to see our very own Prerana Singhal, Founding Engineer at Traceable, being featured in DATAVERSITY Women in Data series! 👏 Prerana's journey is a testament to the power of innovation, resilience, and passion for technology. Her contributions have been instrumental in shaping the future of API security, and we're thrilled to see her recognized as a leader in the industry. At Traceable, we believe in empowering and uplifting our team members, and Prerana's story is a shining example of the incredible talent we have here. Her dedication and expertise inspire us all to push the boundaries of what's possible. Check out the full article to learn more about Prerana's journey and insights:  https://lnkd.in/gAJcj3dy

ICYMI: ⬇️ AI security starts at the API. 💯 Whether you're using 3rd party APIs like OpenAI, open-source tools like HuggingFace’s Text Generation Inference, or your own #GenAI stack with an API wrapper, securing these APIs is crucial. Join our webinar to learn: 🛡️ Where the new generative AI attack surface lies 🛡️ Key security risks associated with generative AI 🛡️ The critical role APIs play in generative AI security 🛡️ How to secure generative AI at the API level 🛡️ Leveraging your existing skills, tools, and processes to address these security risks Whether you're new to generative AI security or managing ‘shadow’ GenAI API usage within your organization, this webinar will provide valuable insights and actionable strategies. 🗓️ Don't miss out! Watch the on-demand webinar here: https://bit.ly/4bIcaG4 #AIsecurity #AI #generativeAI #APIsecurity

API visibility increased to 100%. A 4x improvement in vulnerability discovery. Risk scores available for 100% of APIs. Traceable has delivered incredible results for our customer Axos. As a pioneer in digital banking, Axos has been challenging the status quo of traditional financial services for more than two decades. Axos relies on APIs to provide innovative banking products and services to customers nationwide. Their security team, led by CISO Raghu Valipireddy, was challenged to manage API sprawl and to comprehensively monitor all changes, updates, and data flows throughout their API ecosystem. Here's how Traceable helped Axos Bank on their journey to comprehensive API Security: https://bit.ly/3YM8LCP

We’re excited to sponsor 𝗖𝗜𝗦𝗢 𝗦𝗶𝗻𝗴𝗮𝗽𝗼𝗿𝗲 𝟮𝟬𝟮𝟰, where over 400 cybersecurity professionals will converge on August 20-21. Our very own, Richard Bird, will be at the event! This event is all about collaboration, innovation, and strategy as senior infosec leaders come together to discuss CISO leadership, customized security programs, and navigating today’s dynamic risk landscape. Whether you're advancing in your career or leading the charge, this is the place to be. 👉 Hurry, spots are almost gone! Reserve your place now: https://lnkd.in/envchT5D