Harness Inc. and Traceable Inc. have today debuted a new solution purpose-built to secure modern cloud-native applications and application programming interfaces where they run.

The new product, Traceable Cloud Web Application and API Protection, or WAAP, is the first new product from the two companies since they merged in February and brings together technology from both companies to deliver deep, real-time protection across the entire software lifecycle. The new platform integrates API discovery, runtime threat detection, bot mitigation and distributed denial of service defense into a unified platform designed to help security and engineering teams collaborate more effectively without slowing down development.

The new platform addresses the shortcomings of traditional WAAP solutions, which often rely on perimeter-based protection ill-suited to distributed, API-driven architectures. While many legacy offerings focus on static traffic inspection and manual rule configurations, Traceable Cloud WAAP uses real-time behavioral analysis to understand how traffic is expected to behave across users, APIs and sessions, enabling earlier threat detection and smarter response.

At the core of the new platform is the ability to provide deep contextual awareness across modern environments, including advanced API discovery using traffic analysis, encrypted flow inspection and integration with code repositories to uncover both documented and shadow APIs. This is then combined with sensitive data flow mapping and customizable risk scoring to deliver comprehensive visibility into application exposure.

Traceable Cloud WAAP also includes built-in shift-left features that embeds security earlier in the development cycle. Security testing can be integrated directly into continuous integration/continuous delivery or CI/CD pipelines, allowing teams to identify and remediate API vulnerabilities before they reach production. The result is a reduction in security debt and enhanced proactive protection that doesn’t impede development velocity.

For real-time protection at arge scale, the platform offers multiple deployment options. Organizations can deploy out-of-band by mirroring traffic or using eBPF for passive monitoring, use inline agents at the API gateway or application level, or route traffic through Traceable’s edge network via DNS for agentless, managed protection.

The platform can also identify and mitigate humanlike bots and business logic abuse threats that are often missed by traditional WAAPs. Using attacker fingerprinting and user/session attribution, Traceable WAAP can distinguish between legitimate and malicious behavior even in complex, dynamic environments.

Image: SiliconANGLE/Reve