Traceable AI launched Zero Trust API Access to help organizations better protect sensitive data, stop API abuse, and align data security programs with broader innovation and business objectives.
Traceable’s Zero Trust API Access actively reduces attack surface by minimizing or eliminating implied and persistent trust for APIs.
“You cannot have true zero trust without API security,” said Sanjay Nagaraj, CTO of Traceable. “Traceable’s Zero Trust API Access provides a guiding principle for API security architectures for enhanced data protection, security posture and resiliency. APIs are the universal attack vector, and if companies truly want to take the Zero Trust framework seriously, protect their data and create an environment that enables the ability to grow securely, they need a solution that is both strategic and tactical.”
Zero Trust API Access (ZTAA) provides enterprises considerable business benefits including:
Dynamic Data Access policies stop data breaches in their tracks: With Traceable, you can detect and classify the data that APIs are handling, to apply proper policies. These policies define which users and roles can access different data types, at what times, from what geolocations and from what client types. With dynamic data access policies, you can quickly and easily create policies with out-of-the-box templates or customize policies based on organization needs.
Continuous Adaptive Trust for real-time threat prevention: Traceable’s ZTAA provides security that continuously adjusts to the organization’s threat landscape. This is achieved through real-time, context-based authentication and authorization for API access (both user and machine). Traceable can stitch APIs, as well as the data and user context, via flexible data collection options.
This ensures that adaptive trust is enforced for APIs at the edge, as well as for all internal services, for-service APIs and 3rd party APIs. The result is the right access for the right users and entities, at the right time, thereby protecting the business and its sensitive customer data.
Intelligent Rate Limiting for API abuse prevention: API rate limiting enables organizations to control the incoming traffic to an API by automatically limiting the number of requests that the API can receive within a given period of time. After the limit is reached, the policy rejects all requests, thereby avoiding any additional load on the backend API.
Intelligent rate limiting factors in the rates for users, proxies, bots, and the business function of APIs. This provides enhanced protection against API DDoS attacks, reduces load on backend APIs, honors SLAs, and reduces costs often associated with 3rd party APIs. Access to APIs and sensitive data is therefore proactive and automatic, preventing API abuse.
Security becomes a business enabler: When combined, Zero Trust Security and API Security create a holistic and robust security approach that actively mitigates the risks associated with accessing sensitive data via APIs. This comprehensive approach helps protect sensitive information and fosters a secure environment for innovation and growth. Organizations can now confidently offer new products and services, turning security from a hindrance, to a catalyst for accelerated growth.
Traceable’s Zero Trust API Access is essential to aligning zero trust implementations with the realities of today’s application architectures and extending the Zero Trust Security model to the full application stack.
The solution will be showcased at RSA Conference 2023, which is taking place in San Francisco.