As founder and CEO of both AppDynamics and Harness, two companies that improved visibility into cloud-native applications, Jyoti Bansal had a unique view of the blind spots that remained.
What he realized was the APIs that often connect hundreds of microservices in modern architectures are most likely to compromise application security, as they massively expand an attack surface in ways that are often difficult to detect, Bansal told CRN.
That insight led Bansal to form Traceable, a San Francisco-based startup that came out of stealth Tuesday with $20 million in funding from Unusual Ventures and a mission to secure modern workloads at the level of their code. Bansal, who sold AppDynamics to Cisco Systems in 2017 for $3.7 billion, spun Traceable out of BIG Labs, his startup studio.
[Related: Refactr CEO: Coronavirus Crisis Is Rapidly Accelerating Shift To DevSecOps]
“API security is a big pain right now, as everything is exposed with APIs and there’s really no visibility security teams have into those APIs,” Bansal told CRN. “There’s really no good solutions in the market these days to do those things.”
Even tech giants like Uber and Facebook have been victims of business logic attacks due to vulnerabilities in microservice APIs, he said.
Traceable looks to provide end-to-end visibility into data flowing through any given API through its distributed tracing system while enforcing security policy at those critical soft points in cloud-native workloads.
“This area needs a complete rethink in how you build next-generation application security,” Bansal said
The startup’s technology “creates the same language” for the developer and security communities, enabling DevSecOps, an emerging method of integrating security into the DevOps pipeline, Bansal said.
“Our approach to market is appraise what’s happening at the code level itself,” Bansal said. “If an attacker is using code in anomalous ways, we provide you a response.”
Traceable co-founder and CTO Sanjay Nagaraj told CRN that while working as vice president of engineering at AppDynamics, and later for a short stint at Cisco, he saw the security challenges posed by distributed services and distributed APIs.
As customers gradually shifted from monolithic services to microservices, there was a general lack of understanding of which APIs were most vulnerable to attack, even as those APIs often exposed business logic that enabled attackers to access sensitive data.
Traceable, which has already deployed the platform for some notable preview customers, connects into three places: the web proxy or API gateway, the Kubernetes and Docker orchestrators as sidecar services, and finally the application layer itself through Java.
That makes it possible to trace application activity from the user and session through the application code.
“That way we are able to track all the data,” Nagaraj said. “We call it edge-to-code.”
The startup’s platform includes TraceAI, machine-learning technology that analyzes data to learn typical application behavior and then detect activity deviating from the norm. The software integrates with Kubernetes, Istio and Envoy service meshes, and Slack and Jira to bring security into developer’s workflows.
Once the platform comes out of beta, the goal will be to integrate with the leading DevOps and security vendors.
Bansal, who still runs DevOps startup Harness, said his new company plans on building a channel as an important component of its go-to-market approach, Bansal said.
“After the launch, that’s a big part of our strategy, to incorporate systems integrators and create a good VAR ecosystem,” Bansal said.
Traceable has open-sourced its underlying platform, Hypertrace, to make robust tracing more accessible, and to foster a community that advances the project.
related stories
Video
trending stories
sponsored resources

Cysurance
Cyber Insurance 360

EPOS
EPOS

Fujifilm
Fujifilm

Dell Technologies
Dell Technologies Storage Learning Center

Mimecast
Mimecast

Comcast
Comcast Business Learning Center

Carbonite
Cloud Storage 360

Application Integration 360

Hitachi Vantara
Hitachi Vantara

Dell Technologies
Dell Technologies Cloud Learning Center

Tenable
Cyber Risk 360

Webroot
Webroot Learning Center

NPD
Industry Trends 360

BlackBerry
BlackBerry Learning Center

Symantec
Symantec Business Security Learning Center

Sherweb
Sherweb

Acer
Remote Workforce 360

APC by Schneider Electric
Digital Services for Edge Learning Center

Channel Chief Showcase

StorageCraft
Disaster Recovery Learning Center

Vertiv
Edge Computing Learning Center

Wasabi
Wasabi

Dell Technologies
Dell Technologies Hybrid Cloud Learning Center

Cradlepoint
5g for Business 360

Comm100
Collaboration & Communications 360

Veeam
Veeam

eSentire
Managed Detection and Response 360

Smart 3rd Party
3rd Party Maintenance 360

Sophos
Sophos Cybersecurity Learning Center

Trend Micro
Trend Micro Learning Center

VMware

Dell Technologies
Dell Technologies Server Learning Center
