Image: Rick_Jo, Getty Images/iStockphoto

Traceable, a new end-to end application security monitoring platform, launched on Tuesday with $20 million in series A funding. Financed by Unusual Ventures, Traceable uses artificial intelligence and distributed tracing to keep cloud-native applications safe from malicious actors.

SEE: Microservices: The foundation of tomorrow’s enterprise applications (free PDF) (TechRepublic)

“People are building a lot of different software applications–everything in our life is becoming software. You use software for mobile apps and data apps for all sorts of things, and these applications are hard to secure,” said Jyoti Bansal, CEO and co-founder of Traceable.

Bansal is the founder and former CEO of AppDynamics, during which he witnessed the significant increase in cloud-native architecture adoption, he said.

The main reason cloud-native apps have become so popular is because of velocity, Bansal said.

“People want high velocity. In this kind of a cloud, a developer can just call an API in the cloud. And within 30 seconds, they will have infrastructure and machines. So it keeps this high amount of velocity,” Bansal said. “The second thing that people are doing as part of these cloud-native applications is breaking their code into smaller pieces.

“Let’s say if you have one really large ship, it’s hard to steer. But if you can break it into really, really small power boats, they can all move fast on their own. That’s this microservices architecture that is a big part of this cloud-native system now,” Bansal said. “People can get higher innovation velocity. For almost every business, that is a big competitive advantage or disadvantage.”

However, it is this code that specifically needs to be protected.

How Traceable works

“The next generation of cybersecurity challenges are all becoming around how to secure the applications and the code and someone doesn’t steal data,” Bansal noted. “Traditionally, cybersecurity has been around securing the network. You still need to protect the network, but the most important thing that we want to protect beyond that is the code itself.

“Software code is where people are trying to use the code in a way to steal different kinds of things,” Bansal said. “Our approach is to bring a cybersecurity solution to the market to secure applications and APIs.”

Traceable says it’s the only application security platform that traces end-to-end application activity from the user all the way through the code. Using the platform’s machine learning technology, TraceAI, the system familiarizes itself with the data to learn normal applications, allowing it to detect activity that strays from the norm, said Sanjay Nagaraj, CTO and co-founder of Traceable.

“If a malicious user comes in and tries to access data through [a business’s] APIs, you should then have an understanding of why that user is malicious. It is not just about the identity of the user, which is what typically networks would use,” Nagaraj said. “You need to understand what the code was intended to do. What was the purpose of the code itself and how it was intended to be accessed by the users? That’s where the technology is built on.”

Nagaraj was also previously a part of the AppDynamics family, as the former vice president of engineering, during which time he also witnessed the growth of cloud-native apps and the demand to secure that data within them.

To help as many developers protect their applications as possible, Bansal and Nagaraj made Traceable’s underlying distributed tracing platform available as an open source project, named Hypertrace.

“We wanted to say that technology is something that can now be available to the DevOps as a community, Nagaraj said. “And that’s where we said that part of the platform, Hypertrace, [would be] open source, so DevOps communities can actually take advantage of it.”

Through Hypertrace, DevOps teams are able to observe and monitor production applications using the same comprehensive distributed tracing that powers Traceable.

“Many of our customers are in various areas including retail, insurance, real estate and FinTech. [This is] for anybody who is looking to get visibility into how their APIs and services are changing in the DevOps world, where security is front and center in terms of ensuring that applications can be protected,” Nagaraj said. “Understanding of those APIs, that is one key thing where people are looking for.”
For more, check out Going cloud native in a time of declining IT budgets on TechRepublic.