Traceable AI raises $60 million to secure app APIs using machine learning – TechCrunch

Traceable AI, a startup offering services designed to protect APIs from cyber-attacks, today announced it has raised $60 million in a Series B round led by IVP with the participation of BIG Labs, Unusual Ventures, Tiger Global Management and several unnamed investors. The new capital values ​​the company at more than $450 million post-money, and CEO Jyoti Bansal — who is also the co-founder of BIG Labs and Unusual Ventures — says it will be spent on product development, recruiting and customer acquisition.

APIs, the interfaces that serve as connections between computer programs, are used by countless organizations to conduct business. But because they can provide access to sensitive functions and data, APIs are increasingly becoming a target for malicious hackers. According to Salt Labs, the research division of Salt Security (which sells API cybersecurity products, admittedly), API attacks increased by nearly 681% from March 2021 to March 2022. Gartner predicts that 90% of web-enabled apps will have more attack surfaces in APIs than user interfaces and API abuse will become the main attack vector for most companies by 2022.

Bansal saw the writing on the wall four years ago, he said, when he co-founded San Francisco-based Traceable with CTO Sanjay Nagaraj. Bansal is a serial entrepreneur and co-founded app performance management company AppDynamics (which was acquired by Cisco for $3.7 billion) and Harness (which recently raised a Series D of $230 million). A Harness investor, Nagaraj has been around Bansal for a long time, previously serving as VP of software engineering at AppDynamics for seven years.

“APIs are the glue that holds modern applications and cloud services together. As enterprises of all sizes migrate en masse from monolithic to highly distributed cloud-native applications, APIs are now a critical service component for digital business processes, transactions and data flows,” Bansal told TechCrunch in an email interview. “However, advanced API-targeted cyber threats “And vulnerabilities to sensitive data have also increased rapidly. Businesses need machine learning here. To have zero trust, you need API clarity. You can’t just buy or hire security people anymore, so you have to solve those vulnerabilities with technology.”

Like several of its competitors, including Salt, Traceable uses AI to analyze data to learn normal app behavior and detect activity that deviates from the norm. Through a combination of “distributed tracing” and “context-based behavioral analytics,” the startup’s software — which works on-premises or in the cloud — can catalog APIs, including “shadow” (e.g., undocumented) and “orphan” (e.g., legacy) APIs in real time, according to Bansal.

Traceable describes distributed tracing as a technique that uses “agent modules” that collect diagnostic data from production apps as code runs. Context-based behavioral analysis, meanwhile, refers to understanding the behavior of APIs, users, data, and code in relation to an organization’s overall risk attitude.

“APIs often expose business logic that threat actors use to infiltrate applications and private data. Every line of code must be observed to properly secure modern cloud-native applications against next-generation attacks,” said Bansal. “Automated and unsupervised machine learning enables Traceable to go deeper and fulfill the API security requirement better than anyone else. As the name suggests, Traceable tracks end-to-end application activity from the user and session down to the application code.”

Traceable AI monitoring dashboard.

Traceable gives a risk score based on “a calculation of the probability and possible impact of an attack”, using 70 different criteria (allegedly). The software also maps app topologies, data flows, and unique security events, including runtime details about APIs and data stores.

The API security solutions market is rapidly filling up with vendors such as Cequence, 42Crunch, and Noname Security vying for customers. The growth is related to the general increase in API usage, especially in the enterprise. In duplicate reports, API marketplace RapidAPI found that 90.5% of developers expect to use more or the same number of APIs by 2022 compared to 2021 and 98% of business leaders believe APIs are a critical part of their efforts in the field. of digital transformation.

According to Crunchbase data, companies describing themselves as securing APIs received $193.4 million in venture capital from late 2019 to June 2021, highlighting the opportunities investors see in the technology.

Traceable has done quite well despite the competition. Bansal says the company has a number of paying customers and – to drive further adoption – Traceable recently released its tracing technology in open source. Called Hypertrace, it enables enterprises to monitor apps with technologies similar to those of the Traceable platform.

“The nature of the pandemic has helped accelerate the digital transformation already underway. The creation and adoption of millions of microservices and APIs has been a key underlying factor in the rapid growth of digital services,” said Bansal. “As various organizations have created, adopted, or used millions… APIs, the attack surface vulnerable to APIs is based attacks that cannot be detected or stopped by traditional security solutions, this problem requires a whole new approach to detect and stop these new attacks.”

While Bansal declined to disclose annual recurring revenues when asked, Traceable’s total capital stands at $80 million — the bulk of which goes to support product development and research, he said.

“Companies are using Traceable’s rich forensic data and insights to easily analyze attack attempts and analyze the root cause,” Bansal continues. “Traceable applies the power of machine learning and distributed tracing to understand application DNA, how it changes and where there are anomalies to detect and block threats, making businesses more secure and resilient.”


This post Traceable AI raises $60 million to secure app APIs using machine learning – TechCrunch was original published at “https://techcrunch.com/2022/05/02/2307940/”

Leave a Reply

Your email address will not be published.