Hot Topics
Security Bloggers Network 
SBN

December Software Release

by Muzaffer Pasha on February 15, 2022

We closed out 2021 with a number of software features for the December release.  Let’s break down each feature update: 

Log4Shell Defense 

Log4Shell was one of the most impactful vulnerabilities seen in recent times.  December was an extremely busy month for Traceable as we worked with customers to protect their environments from the Log4Shell vulnerability. Here is our quick start guide and a webinar which explains the vulnerability and Traceable’s approach in more detail. 

In the December release, Traceable AI directly helped our customers with security protection that helped to block Log4Shell exploitation that could lead to sensitive data loss. In addition to our existing Java attack detection capabilities, Traceable AI helped arm our customers with comprehensive coverage that blocked Log4Shell attacks as follows: 

  • Added signatures to detect CVE exploitation from the Log4Shell family
  • Added JNDI command blocking within the Java in-app agent. 

Attack dashboard 

We have updated the attack dashboard to help security engineers assess the attack climate of their cloud-native environment at a glance. The new dashboard includes a summary of application activity that includes the following: 

  • The number of unique users and traffic
  • Graph of attackers
  • Attack requests 
  • List of blocked event security events

API Endpoint Details dashboard 

We have streamlined the API Endpoint details page to highlight API Intelligence details and make the security summary more accessible. The new view summarizes security events and vulnerabilities detected for a given API Endpoint, displays all sensitive data types found in each of the requests and responses, and publishes the OpenAPI specification. 

HA Proxy support 

HAProxy delivers free and open-source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications that spreads requests across multiple servers, which has a reputation for being efficient with regards to memory and CPU usage. Customers who deploy HAProxy as a load balancer or in a reverse proxy in their infrastructure can now deploy Traceable tracing agents as a plug-in into their HA Proxy deployments. API catalog, static and dynamic detection, signature-based blocking, rate limiting, IP blocking, and other features will be supported on this tracing agent. HAProxy support will be available with Tracing Agent version 1.11.3 or above. 

SOC 2 Type 2 Compliance

Traceable has received SOC 2 Type 2 certification. This certification shows that Traceable pays significant attention to the security, availability, and privacy of our customers and their data. This is why many customers entrust Traceable to protect their applications.  SOC 2 Type 2 report is an internal controls report that captures how a company safeguards customer data and assesses how well it controls are operating. Companies that use cloud service providers use SOC2 reports to assess and address the risk associated with 3rd Party technology services. 

The post December Software Release appeared first on Traceable App & API Security.

*** This is a Security Bloggers Network syndicated blog from Blog authored by Muzaffer Pasha. Read the original post at: https://www.traceable.ai/blog-post/dec-sw

Muzaffer Pasha , , ,