February’s releases include analytics for security events, enhancements to session attribution, a new way to visualize sensitive data flows in your application, and new platform agent administration features.
Here are the details on what’s new:
Security Event Analytics
We’ve launched in-depth analytics for security events to power deeper exploration of security events detected by Traceable. With the new security event analytics, you can identify patterns in security event activity and examine event activity by multiple key IOCs (indicators of compromise), threat actor, threat type, API endpoint threat parameters, and source of traffic (BOT, Proxy, Group, etc.). You’ll now find an “Events” tab in analytics, where you can search, filter, and group security events by 60+ parameters.
With security event analytics you can:
- Identify trends in threat types and specific malicious behavior impacting your organization
- Identify and examine spikes in event activity, which are useful indicators of distributed, volumetric, or BOT-based attacks
- Identify and examine spikes in threat activity and correlate them with vulnerabilities seen in AST or other security testing tools.
- Group security events by threat actor to see which actors have been most active in your environment and identify any patterns of activity from specific actors
- Examine all security events that occurred on high-risk API endpoints that carry sensitive data
- Identify trends in event types impacting your organization using API context like authentication type, encryption, HTTP method, security headers, etc.
- Do forensic analysis on all APIs a threat actor accessed during an attack to quickly gather relevant information such as sensitive data, financially relevant data, auth tokens, etc.
Enhanced Session Attribution
We’ve made enhancements to session attribution to improve detection of session-based attack techniques such as Broken Object Level Authorization (BOLA), session fixation, land speed violations, and session hijacking. These updates allow us to more accurately attribute API activity and events to user sessions, and identify when and how sessions were compromised. Since user attribution relies heavily on sessions being identified accurately, customers get better coverage there too. Enhancements include:
- Ability to extract session identification attributes from API requests and responses, with granular configuration of session identification rules in User Attribution Administration.
- Identifying session tokens in request header/body, cookies
- Session stitching to tie multiple client sessions to a logical user session (e.g. a browser refresh would result in multiple client sessions, but we can stitch them together to show the true user session). Session ID (the stitched user session) and the Client Session ID are available in Threat Activity and Security Analytics.
With Session ID in analytics, you can now:
- Identify all sessions from a specific user or threat actor
- Zoom in on a specific session to examine all API transactions and events that occurred in the session
- Hunt for instances of session-based attacks like BOLA, session fixation, etc. by looking for instances where multiple users or IPs are riding on an existing session to carry out attacks.
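The hunt in the last item, sketched as an added example (not Traceable's code or API): group events by the stitched Session ID and report any later event whose user or source IP differs from the session's first event. The field names and sample events are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events; field names are assumptions, not a Traceable export schema.
EVENTS = [
    {"ts": 100, "session_id": "S1", "client_session_id": "c1", "user": "alice", "ip": "198.51.100.7", "endpoint": "GET /orders/17"},
    # Browser refresh: new client session, same stitched session, same user and IP.
    {"ts": 130, "session_id": "S1", "client_session_id": "c2", "user": "alice", "ip": "198.51.100.7", "endpoint": "GET /orders/17"},
    {"ts": 160, "session_id": "S1", "client_session_id": "c3", "user": "alice", "ip": "203.0.113.50", "endpoint": "GET /orders/18"},
    {"ts": 200, "session_id": "S2", "client_session_id": "c4", "user": "bob", "ip": "192.0.2.10", "endpoint": "GET /profile"},
    {"ts": 240, "session_id": "S2", "client_session_id": "c4", "user": "carol", "ip": "192.0.2.10", "endpoint": "GET /profile"},
    {"ts": 300, "session_id": "S3", "client_session_id": "c5", "user": "dave", "ip": "192.0.2.99", "endpoint": "POST /login"},
]


def find_shared_sessions(events):
    """Return findings for stitched sessions used by more than one user or IP.

    The first event of each session sets the baseline (user, ip); any later
    event that differs is recorded as a divergence for the analyst to review.
    """
    by_session = defaultdict(list)
    for ev in events:
        # Key on the stitched ID so a refresh (new client session) is not flagged.
        by_session[ev["session_id"]].append(ev)

    findings = {}
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: e["ts"])
        base = evs[0]
        divergences = []
        for ev in evs[1:]:
            changed = [k for k in ("user", "ip") if ev[k] != base[k]]
            if changed:
                divergences.append({"ts": ev["ts"], "changed": changed,
                                    "user": ev["user"], "ip": ev["ip"],
                                    "endpoint": ev["endpoint"]})
        if divergences:
            findings[sid] = {"baseline": (base["user"], base["ip"]),
                             "divergences": divergences}
    return findings


if __name__ == "__main__":
    for sid, finding in find_shared_sessions(EVENTS).items():
        print(sid, finding["baseline"], finding["divergences"])
```

An IP change alone is common on mobile networks, so treat an IP-only divergence as a lead to review alongside the endpoints accessed rather than as a verdict.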
Sensitive Data Flows in Application Flow Dashboard
The Application Flow dashboard has been redesigned to improve visibility into how sensitive data is flowing within your app and to third-party endpoints. The dashboard automatically identifies gateways, load balancers, proxies, and other application services, and visually maps data flows between them. You can explore all data flows or filter based on data sensitivity or service risk level to easily identify risky flows.
Click into any individual service to see a detailed API-level breakdown of the sensitive data coming in and out. This includes sensitive data types contained in the request and response for each API endpoint associated with the service.
Platform Agent Administration Updates
We’ve added new metrics for monitoring the health of your platform agents and new notification options to alert you to agent status changes and data collection issues.
Navigate to Administration > Data collection to see a full list of platform agents. Click on any agent to view the new metrics tab, which now shows agent identification details, a graph view of data sent to the platform (spans per minute), and an agent status changelog.
You can create new notifications to receive an alert when your environment stops reporting data and when the status of a platform agent changes. Navigate to Administration > Notifications > Create Notification. Select “Data Collection Activity” as the notification category and choose from the options in “Agent Activity Type” to create a notification for your desired activity.