Traceable AI raises $60 million to secure app APIs using machine learning – TechCrunch

Traceable AI, a startup offering services designed to protect APIs from cyberattacks, today announced that it has raised $60 million in a Series B funding round led by IVP with participation from BIG Labs , Unusual Ventures, Tiger Global Management and several undisclosed angel investors. The new capital values ​​the company at more than $450 million after cash, and CEO Jyoti Bansal – who is also the co-founder of BIG Labs and Unusual Ventures – says he will be assigned to product development, recruitment and customer acquisition.

APIs, the interfaces that serve as connections between computer programs, are used by countless organizations to conduct their business. But because they can provide access to sensitive functions and data, APIs are an increasingly common target for malicious hackers. According to Salt Labs, the research division of Salt Security (which sells API cybersecurity products, granted), API attacks from March 2021 to March 2022 increased by nearly 681%. Gartner predicts that 90% of web applications will have more attack surfaces exposed in APIs than in UIs and that API abuse will become the top attack vector for most businesses in 2022.

Bansal saw the writing on the wall four years ago, he said, when he co-founded San Francisco-based Traceable with CTO Sanjay Nagaraj. Bansal is a serial entrepreneur, having co-founded application performance management company AppDynamics (acquired by Cisco for $3.7 billion) and Harness (which recently raised a $230 million Series D). Nagaraj, a Harness investor, has long been close to Bansal’s orbit, having previously served as vice president of software engineering at AppDynamics for seven years.

“APIs are the glue that holds modern applications and cloud services together. As enterprises large and small migrate en masse from monolithic applications to highly distributed cloud-native applications, APIs have become a critical service component for digital business processes, transactions and data flows,” Bansal told TechCrunch in an email interview. “However, sophisticated API-led cyber threats and vulnerabilities in sensitive data have also increased rapidly. Companies need machine learning here. To have zero trust, you need the clarity of the API. You can no longer easily buy or hire security guards, so you have to fix these vulnerabilities through technology.

Like many of its competitors, including Salt, Traceable uses AI to analyze data to learn normal app behavior and detect activity that deviates from the norm. Through a combination of “distributed tracing” and “context-based behavioral analysis,” the startup’s software—which runs on-premises or in the cloud—can catalog APIs, including “ghost” (e.g., undocumented) and “orphaned” (e.g. deprecated) real-time APIs, according to Bansal.

Traceable describes distributed tracing as a technique involving the use of “agent modules” that collect diagnostic data from production applications as code executes. Context-based behavioral analysis, on the other hand, refers to understanding the behavior of APIs, users, data, and code as it relates to an organization’s overall risk posture.

“APIs often expose business logic that hackers use to infiltrate applications and private data. Every line of code must be observed in order to properly secure modern cloud-native applications against next-generation attacks,” Bansal said. “Unsupervised, machine learning allows Traceable to go the extra mile and meet API security requirements better than anyone else. As the name suggests, Traceable traces end-to-end application activity. end from the user and the session to the code of the application.

Traceable AI monitoring dashboard.

Traceable provides a risk score based on “a calculation of the probability and possible impact of an attack”, using 70 different criteria (apparently). The software also maps application topologies, data flows, and unique security events, including runtime details on APIs and data stores.

The market for API security solutions is quickly becoming crowded, with vendors such as Cequence, 42Crunch and Noname Security vying for customers. The growth correlates with the general increase in API usage, especially in the enterprise. In twin reportsAPI marketplace RapidAPI found that 90.5% of developers plan to use more or the same number of APIs in 2022 compared to 2021 and 98% of business leaders believe APIs are a critical part of their efforts of digital transformation.

According to data from Crunchbase, companies that describe themselves as securing APIs received $193.4 million in venture funding from late 2019 to June 2021, underscoring the opportunity investors see in the technology.

Traceable has done pretty well despite the competition. Bansal says the company has a number of paying customers, and to drive adoption, Traceable recently released its tracing technology as open source. Called Hypertrace, it allows companies to monitor applications with technologies similar to those that power the Traceable platform.

“The very nature of the fallout from the pandemic further helped accelerate the digital transformation that was already underway. The creation and adoption of millions of microservices and APIs has been a key underlying catalyst for the rapid growth of digital services,” Bansal said. “While different organizations have either created, adopted, or used millions of APIs, this has dramatically increased the attack surface vulnerable to API-based attacks that cannot be detected or stopped by traditional security solutions. This problem requires a whole new approach to detect and stop these new attacks.

While Bansal declined to reveal his annual recurring revenue when asked, Traceable’s total capital is $80 million, most of which is for product development and research, it said. -he declares.

“Companies use Traceable’s rich forensic data and information to easily analyze attack attempts and perform root cause analysis,” continued Bansal. “Traceable applies the power of machine learning and distributed tracing to understand application DNA, evolution, and anomalies to detect and block threats, making businesses more secure and resilient.”

Sherry J. Basler