We look forward to presenting Transform 2022 in person again on July 19th and virtually from July 20th to 28th. Join us for insightful conversations and exciting networking opportunities. Register today!
Today, API security provider Traceable AI announced that it has raised $60 million in a Series B funding round. The new funding values the company at more than $450 million and will be used to invest in product development and research while expanding its sales and marketing teams to fuel its growth.
Traceable AI’s solution collects data from user-driven transactions as it flows through APIs and stores it within the platform. The solution then uses machine learning to transform the application’s business logic into a logistics model.
This logistic model is processed with machine learning that learns to recognize changes from normal application behavior over time.
For enterprises, the platform provides a tool for detecting API-level attacks that often slip under the radar of understaffed or understaffed security teams in environments with many cloud-native applications.
The difficulties of protecting APIs in the cloud age
Today, many organizations are in a position where their API attack surface is expanding, but they don’t have access to the expertise or tools needed to mitigate those risks. For example, research shows that misconfigured APIs account for up to two-thirds of cloud breaches.
At the same time, attackers know that organizations are unprepared to protect APIs, with API attacks increasing 348% in the first six months of this year as 94% of organizations report having encountered an API-related attack in the past 12 months had security incident.
The reason for the rise in security incidents is that the growth in the number of cloud apps has opened up a mountain of security vulnerabilities that legacy security tools are ill-equipped to address.
“Organizations simply don’t have the right security tools in place to protect their growing API attack surface. Existing application security tools that rely on regular expression-based signatures to catch exploits generate large numbers of false positives. The widespread use of APIS that drive business success today is blocked by traditional security solutions while allowing malicious cyberattacks to exploit API applications and exfiltrate sensitive data,” said Traceable AI CEO and co-founder Jyoti Bansal.
“Modern API-driven applications move too fast, releasing new features while inadvertently exposing API vulnerabilities and flaws in business logic. Existing security tools like WAFs, RASP, and API gateways just aren’t moving fast enough to adapt to the speed of API application development and their security needs,” said Bansal.
Traceable API aims to enable security teams to keep up with API-level threats by offering user attribution for each recorded transaction and distributed tracing to provide an overview of a threat actor’s entire history of user activity across systems and overtime to obtain.
This provides a holistic view of the threat actor’s activities and the magnitude of the threat they pose to the organization, making it easier for human analysts to understand what the top threats are and how to block them.
The API Management Market
Traceable API is part of the fast-growing global API management market, which researchers estimate will grow from $4.1 billion in 2021 to $8.41 billion in 2027 as companies invest more in solutions to prevent API and application layer attacks.
The provider competes with a number of other well-established API security vendors, including No Name Security, which recently raised $135 million in a Series C funding round and achieved a $1 billion valuation.
No Name Security provides an API security posture management solution that can inventory APIs and identify misconfigurations and vulnerabilities through the use of AI and ML models.
Another competitor is Salt Security, which earlier this year raised $140 million in a Series D funding round that brought its total funding to $271 million. Salt Security provides users with an API context engine that can continuously discover APIs, identify vulnerable APIs, test APIs in pre-production, and block API attacks.
Although these solutions are well-established, Bansal argues that the focus of Traceable AI is to show the path from the attacker to the analyst, so that the analyst can “understand the unique business logic, user attribution and context of each API – from development to production “.
VentureBeat’s mission is intended to be a digital marketplace for technical decision makers to acquire knowledge about transformative enterprise technology and to conduct transactions. Learn more about membership.