February’s releases include analytics for security events, improvements to session attribution, a new way to visualize sensitive data flows in your application, and new platform agent administration features.
Here are the details on what’s new:
Security Event Analytics
We’ve released in-depth analytics for security events to power deeper exploration of security events detected by Traceable. With the new security event analytics, you can identify patterns in security event activity and investigate event activity by multiple key IOCs (indicators of compromise), threat actor, threat type, API endpoint threat parameters, and source of traffic (BOT, Proxy, Group, etc.). You’ll now find an “Events” tab in analytics, where you can search, filter, and group security events by 60+ parameters.
With security event analytics you can:
- Identify trends in threat types and specific malicious behavior impacting your organization
- Identify and investigate spikes in event activity, which are useful indicators of distributed, volumetric or BOT-based attacks
- Identify and investigate spikes in threat activity and correlate them with vulnerabilities seen in AST or other security testing tools.
- Group security events by threat actor to see which actors were most active in your environment and identify any patterns of activity from specific actors
- Investigate all security events that occurred on high-risk API endpoints that carry sensitive data
- Identify trends in event types impacting your organization using API context like authentication type, encryption, HTTP method, security headers, etc.
- Do forensic analysis on all APIs a threat actor accessed during an attack to quickly gather relevant information such as sensitive data, financially relevant data, auth tokens, etc.
Enhanced Session Attribution
We’ve made improvements to session attribution to improve detection of session-based attack techniques such as Broken Object Level Authorization (BOLA), session fixation, land speed violations, and session hijacking. These updates allow us to more accurately attribute API activity and events to user sessions, and identify when and how sessions were compromised. Since user attribution relies heavily on sessions being identified accurately, customers get better coverage there too. Improvements include:
- Ability to extract session identification attributes from API requests and responses, with granular configuration of session identification rules in Consumer Attribution Administration.
- Identifying session tokens in request header/body, cookies
- Session stitching to tie multiple client sessions to a logical user session (e.g. a browser refresh would result in multiple client sessions, but we can stitch them together to show the true user session). Session ID (the stitched user session) and the Client Session ID are available in Threat Activity and Security Analytics.
With Session ID in analytics, you can now:
- Identify all sessions from a specific user or threat actor
- Zoom in on a specific session to examine all API transactions and events that occurred in the session
- Hunt for instances of session-based attacks like BOLA, session fixation, etc. by looking for instances where multiple users or IPs are riding on an existing session to carry out attacks.
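The hunt in the last item can be sketched outside the product as a grouping over exported events. This is an added example, not Traceable code: the event field names (`session_id`, `user`, `ip`, `endpoint`), the sample records, and the thresholds are all assumptions.

```python
from collections import defaultdict

# Constructed sample events; field names are assumptions, not Traceable's schema.
EVENTS = [
    {"session_id": "s-100", "user": "alice", "ip": "198.51.100.7", "endpoint": "GET /api/orders/41"},
    {"session_id": "s-100", "user": "alice", "ip": "198.51.100.7", "endpoint": "GET /api/orders/42"},
    {"session_id": "s-200", "user": "bob", "ip": "203.0.113.5", "endpoint": "GET /api/profile"},
    {"session_id": "s-200", "user": "bob", "ip": "192.0.2.44", "endpoint": "GET /api/profile"},
    {"session_id": "s-200", "user": "mallory", "ip": "192.0.2.44", "endpoint": "GET /api/orders/41"},
    {"session_id": "s-300", "user": "carol", "ip": "198.51.100.9", "endpoint": "POST /api/cart"},
    {"session_id": None, "user": None, "ip": "198.51.100.9", "endpoint": "GET /health"},
]

def shared_sessions(events, max_users=1, max_ips=1):
    """Return sessions whose distinct user or IP count exceeds the thresholds."""
    users, ips, endpoints = defaultdict(set), defaultdict(set), defaultdict(set)
    for ev in events:
        sid = ev.get("session_id")
        if not sid:  # unattributed traffic cannot be grouped by session
            continue
        if ev.get("user"):
            users[sid].add(ev["user"])
        if ev.get("ip"):
            ips[sid].add(ev["ip"])
        endpoints[sid].add(ev["endpoint"])
    findings = []
    for sid in sorted(endpoints):
        reasons = []
        if len(users[sid]) > max_users:
            reasons.append("multiple_users")
        if len(ips[sid]) > max_ips:
            reasons.append("multiple_ips")
        if reasons:
            findings.append({
                "session_id": sid,
                "reasons": reasons,
                "users": sorted(users[sid]),
                "ips": sorted(ips[sid]),
                "endpoints": sorted(endpoints[sid]),  # what the session touched
            })
    return findings

if __name__ == "__main__":
    for finding in shared_sessions(EVENTS):
        print(finding)
```

Mobile clients that change networks legitimately show more than one IP per session, so `max_ips` usually needs to be looser than `max_users`.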
Sensitive Data Flows in Application Flow Dashboard
The Application Flow dashboard has been redesigned to improve visibility into how sensitive data is flowing within your app and to third-party endpoints. The dashboard automatically identifies gateways, load balancers, proxies, and other application services, and visually maps data flows between them. You can explore all data flows or filter based on data sensitivity or service risk level to easily identify risky flows.
Click into any individual service to see a detailed API-level breakdown of the sensitive data coming in and out. This includes sensitive data types contained in the request and response for each API endpoint associated with the service.
Platform Agent Administration Updates
We’ve added new metrics for monitoring the health of your platform agents and new notification options to alert you to agent status changes and data collection issues.
Navigate to Administration > Data collection to see a full list of platform agents. Click on any agent to view the new metrics tab, which now shows agent identification details, a graph view of data sent to the platform (spans per minute), and an agent status changelog.
You can create new notifications to receive an alert when your environment stops reporting data and when the status of a platform agent changes. Navigate to Administration > Notifications > Create Notification. Select “Data Collection Activity” as the notification category and choose from the options in “Agent Activity Type” to create a notification for your desired activity.