Trackable AI raises $60M to secure app APIs using machine learning – TechCrunch
AI can track, a startup that provides services designed to protect APIs from cyberattacks, today announced that it has raised $60 million in an IVP-led Series B round with the participation of BIG Labs, Unusual Ventures, Tiger Global Management and a number of undisclosed angel investors. The new funding values the company at more than $450 million after money, and CEO Jyoti Bansal – who is also a co-founder of BIG Labs and Unusual Ventures – says it will be focused on product development, recruiting and customer acquisition.
APIs, interfaces that act as connections between computer programs, are used by countless organizations to conduct business. But because they can provide access to sensitive functions and data, APIs are increasingly becoming a popular target for malicious hackers. According to to Salt Labs, the research arm of Salt security (a company that sells licensed, API cybersecurity products), API attacks between March 2021 and March 2022 increased by nearly 681%. Gartner forecast that 90% of web-enabled applications will have more exposed attack surfaces in the API than the user interface, and that API abuse will become top attack vector for most companies by 2022.
Bansal saw the writing on the wall four years ago, he said, when he co-founded San Francisco, California-based Traceable with CTO Sanjay Nagaraj. Bansal is a serial entrepreneur who co-founded an app performance management company AppDynamics (acquired by Cisco for $3.7 billion) and Exploit (recently raised a $230 million Series D). Nagaraj, an investor in Harness, has long been close to Bansal’s orbit, having previously served as VP of Software Engineering at AppDynamics for seven years.
“APIs are the glue that holds modern apps and cloud services together. As businesses large and small migrate seamlessly from highly distributed cloud-native applications to cloud-native applications, APIs are now a critical service component for digital business processes. , transactions, and data flows,” Bansal told TechCrunch in an email interview. “However, sophisticated API-driven cyberattacks and vulnerabilities to sensitive data have also increased rapidly. Businesses need machine learning here. To have no trust you need API clarity. You can no longer easily buy or hire security people, so you need to address these vulnerabilities through technology.”
Like some of its competitors, including Salt, Traceable uses AI to analyze data to understand normal application behavior and detect activity that deviates from the norm. Through a combination of “distributed tracking” and “context-based behavioral analytics,” the startup’s software – running on-premises or in the cloud – can catalog APIs including “shadow” (e.g., undocumented) and “undocumented” (e.g., deprecated) APIs in real-time, according to Bansal.
Traceable describes distributed tracing as a technique that involves the use of an “agent module” that collects diagnostic data from within a production application when executing code. Whereas, context-based behavioral analysis deals with understanding the behavior of APIs, users, data, and code as it relates to the overall risk status of the organization.
“APIs often reveal the business logic that threat actors use to infiltrate applications and private data. Bansal says every line of code needs to be observed to secure modern cloud-native apps from next-generation attacks. “Automated and unsupervised machine learning allows Traceable to go deeper and fulfill API security claims better than anyone. As the name implies, Traceable tracks application activity end-to-end from users and sessions through application code. ”
Trackable provides a risk score based on “calculating the likelihood and likely impact of an attack,” using 70 different criteria (according to the report). The software also maps application topology, data flows, and unique security events, including runtime details on APIs and data stores.
The API security solutions market is rapidly becoming crowded, with vendors including Cequence, 42Crunch and Noname Security jostling for customers. The growth correlates with an overall increase in API usage – especially in the enterprise. In double reportRapidAPI API Marketplace found that 90.5% of developers expect to use more or the same number of APIs in 2022 than in 2021, and 98% of business leaders believe APIs are an important part of their efforts. their digital transformation.
According to For Crunchbase data, companies that describe themselves as API secure received $193.4 million in venture funding between late 2019 and June 2021, highlighting the opportunity investors see in technology.
Traceable has done quite well for itself despite the competition. Bansal says that the company has a number of paying customers and – to drive further adoption – Traceable recently released its open-source tracing technology. Named Hypertraceit allows businesses to monitor applications using the same technologies as those powering the Trackable platform.
“It is the very nature of the pandemic disaster that has helped accelerate the digital transformation that is already underway. The creation and adoption of millions of microservices and APIs has been a core fundamental for the rapid growth of digital services, said Bansal. “As different organizations have created, adopted, or used millions of… APIs, it has dramatically increased the attack surface that is vulnerable to API-based attacks that traditional security solutions have. cannot be detected or prevented. This problem requires an entirely new approach to detecting and preventing these new attacks.”
While Bansal declined to disclose annual recurring revenue when asked, Traceable’s total capital is $80 million — much of which will go toward supporting product development and research, he said.
“Enterprises use Traceable’s rich forensic data and insights to easily analyze attack attempts and perform root cause analysis,” continued Bansal. “Traceable applies the power of machine learning and distributed tracking to understand an application’s DNA, how it changes, and anomalies to detect and block threats, making businesses more secure and resilient. ”