Application programming interface security startup Traceable Inc. is hoping to get more traction among enterprises with a free version of its main security product.

The company said today its free offering will help DevOps and security operations teams gain more visibility and protection for their application’s APIs, as well as analytical insights.

Founded in 2018, Traceable’s API security platform tracks end-to-end application activity from the user and session all the way down to the code. It combines end-to-end distributed tracing, cloud-native integrations and enhance behavioral analytics to provide modern application and API security.

Designed to support Kubernetes, the Envoy service mesh, serverless and other cloud-native environments, the platform uses machine learning to glean normal application behavior and detect activities that deviate from the norm, allowing users to analyze attack attempts and perform root cause analysis to conduct security operations. The company claims a false positive rate of less than 1%.

The free version of Traceable’s offering provides continuous discovery and inventory of all of an organization’s APIs, including shadow and orphaned APIs, the company said. It offers real-time automatic API documentation, including parameter details, usage patterns, and flags any API changes. Insights meanwhile help DevOps and security teams to understand API usage patterns, user details and where sensitive data is being exposed.

Teams also benefited from continuously updated API risk scores that are based on the likelihood and potential impact of any abuse. Further, the free tool is able to block threats automatically based on factors such as the threat actor, IP range, anomaly detection and signatures.

Traceable co-founder and Chief Executive Jyoti Bansal said API security is still an emerging field and that many application and security teams still don’t know how to address the problem. “Web application firewalls and API gateways simply aren’t enough to overcome these emerging threats and it’s past time for us to have a real-solution that solves the problem rather than just apply a band-aid,” he said.

Bansal cited a recent report from Gartner Inc. that explains how APIs have become commonplace in the enterprise today, with almost every connected mobile, web and cloud-hosted application using and exposing them multiple times a day. APIs are widely used to access data and application functionality that’s often linked to systems of record. So, an API breach will likely have a very negative impact.

“APIs are easily and intentionally programmable, so a vulnerability can leak large volumes of data,” Gartner’s report explained. “That it can be challenging to separate valid API use from nefarious access raises the risk of blocking valid use.”

Companies that use Traceable’s free solution and enjoy its benefits will have the option to upgrade to its Teams and Enterprise versions, which scale to larger application environments and offer more advanced features.

Image: Traceable