Traceable is a leading API Security company that helps organizations achieve API protection in a cloud-first world. Pulse 2.0 interviewed Traceable CTO and co-founder Sanjay Nagaraj to learn more.
Sanjay Nagaraj’s Background
As a senior engineering leader, Nagaraj has been building complex enterprise software solutions for over 20 years. Before co-founding Traceable, Nagaraj was VP of Engineering for AppDynamics/Cisco. Nagaraj said:
“At AppDynamics, we were responsible for product teams for Application Performance Management and Database Monitoring products. My team built solutions that were critical in helping DevOps teams to lead digital transformation at many Fortune 100 companies. During my tenure, my team was able to generate over a half of a billion dollars due to the customer-first approach and industry-leading solutions.
Formation Of Traceable AI
How did the idea for Traceable AI come together and what are your primary responsibilities at the company? Nagaraj shared:
“During our time working together at AppDynamics, my co-founder Jyoti Bansal and I saw just how much cloud-native architectures were influencing the security landscape. We knew APIs played a critical role in that, and that many companies were failing to consider APIs in their overall security strategy. We founded Traceable to protect APIs from the next-generation of attacks on cloud infrastructures.
“My primary responsibilities at Traceable consist of setting the company’s technological vision, developing our API security strategy, leading all aspects of tech development, engineering and product management, and ensuring that what we are building is benefiting the market and customers, consistently.”
What has been your favorite memory working for Traceable AI so far? Nagaraj reflected:
“One of the most rewarding aspects of working at Traceable is the opportunity to play a critical role in safeguarding organizations from sophisticated API attacks. We are at the forefront of a continually evolving landscape, developing innovative technology to stay ahead of potential threats. There’s a certain thrill and satisfaction in knowing that our work directly contributes to the security of numerous businesses and, by extension, the overall health of the digital economy. Our technology isn’t just a product – it’s a vital component to employee, customer, and partner safety. That’s the overarching memory and sentiment that fuels my commitment and passion.”
What are some of the challenges Nagaraj faced in building the company and has the current macroeconomic climate affected the company? Nagaraj acknowledged:
“Building a company, particularly in the tech space, always presents its own unique set of challenges. In the realm of API security, one of the foremost challenges we face at Traceable is keeping up with the fast-paced and continuously evolving threat landscape. Cybercriminals are becoming increasingly sophisticated, requiring us to consistently innovate and adapt our technology. Another challenge is attracting and retaining top-tier talent in an extremely competitive market.
“As for the macroeconomic climate, it does have an impact — but not necessarily for the negative. Sure, periods of economic uncertainty influence end users’ budgets and investments, however, it also creates more of a need for robust digital security measures.
As more businesses transition to cloud-first platforms, the demand for API security solutions has risen. Balancing these factors and navigating the evolving business landscape is part of the challenge and thrill of running Traceable.”
What are Traceable AI’s core products and features? Nagaraj explained:
“Traceable helps organizations achieve API protection in a cloud-first, API-driven world. We are the only contextually-informed solution that powers complete API security – governance, intelligence, and threat management – enabling organizations to minimize risk and maximize the value that APIs bring to their customers.”
“The core foundation of the comprehensive Traceable API Security Platform is the API Data Lake which understands every detail of all your APIs and the data associated with the APIs by collecting data on runtime details such as sensitive data flows, API call maps, API usage behavior, user details, event details, threat activity levels, and more.”
“This enables the platform to combine the data to understand and build a comprehensive 360 degree rich contextual knowledge and understanding of the context between the API activity, user activity, data flow, and code execution, allowing for deeper behavioral analysis of the APIs and users. This makes the data more relevant and actionable to threat hunters, incident responders, and security researchers. It works by collecting and analyzing the end-to-end path trace of all of your API calls and service behaviors with an API security data lake that allows your SOC team, incident responders, threat hunters, as well as red teams and blue teams, Actionable API Intelligence for security analysis and forensic research.”
“This past April, Traceable launched the industry’s first and only Zero Trust API Access (ZTAA) Solution. Zero Trust API Access (ZTAA) provides enterprises considerable business benefits such as; dynamic data access policies that stop data breaches in their tracks, continuous adaptive trust for real-time threat prevention, and intelligent rate limiting for API abuse prevention. We are so excited for this solution to be a part of our core offerings because you cannot have true Zero Trust without API security and when combined, Zero Trust Security and API Security create a holistic and robust security approach that actively mitigates the risks associated with accessing sensitive data via APIs.
“At the beginning of August, Traceable also announced the launch of digital fraud capabilities to deliver protection against fraudulent activities for APIs and digital interfaces. These capabilities are particularly helpful to the retail and financial sectors who rely on digital transactions and data exchange.”
Evolution Of Traceable AI’s Technology
How has Traceable AI’s technology evolved since launching? Nagaraj noted:
“Since launching, the Traceable security platform has evolved to include several aspects that work towards adding an extra layer of protection for your APIs. Recently, our product and solution offerings have expanded to include assistance with FFIEC compliance, Zero Trust API access, an API Catalog solution to enable API Discovery and Security Posture Management and Threat Protection, and fraud capabilities.”
What have been some of Traceable AI’s most significant milestones? Nagaraj highlighted:
“In the past 12 months, Traceable has reached several milestones. It began with $60 million in Series B funding in May 2022. Since then, we have launched multiple products and solutions, including an API Catalog solution to enable API Discovery and Security Posture Management, Threat Protection, Zero Trust API Access, the industry’s first API security reference architecture for Zero Trust, an offering to help large financial institutions achieve FFIEC compliance, fraud protection capabilities, and new integrations with security vendors such as Wiz and Snyk. We also welcomed cybersecurity industry legends John Kindervag and Chase Cunningham to Traceable’s advisory board to help us achieve further security capabilities for companies around the world.”
“As a result of these milestones, Traceable achieved an ARR Growth Year over Year of 274%. Traceable was named a leader in the 2022 GigaOm Radar Report for API Security and is a favorite among customers across different industries, with 5-star testimonials in both Gartner Peer Insights and G2 Crowd.”
“Lastly, Traceable has won several awards, including the 2022 TMCnet Zero Trust Security Excellence Award, the 2022 Digital Innovator Award from Intellyx, the 2023 DEVIES Award for API Security Innovation, the 2023 Fortress Cybersecurity Award, and was recently named the gold winner in the 2023 Globee Awards for information technology for our Zero Trust API Access solution.”
Customer Success Stories
Can you share any specific customer success stories? Nagaraj cited the following:
“We love to share our story on Informatica. When they initially came to us, they had identified the need for a solution that would support three clouds and two other environments. Because of how their data was spread over disparate systems, they had a drastic API sprawl problem. Security engineers could neither discover nor validate API changes or data flow in order to assess attack surface risk.”
“Not only that, but they had a high cost of infrastructure and labor based on legacy WAF tools that did not provide the security coverage needed for full API protection.”
“After our work together, Informatica now catalogs and protects their entire API infrastructure with unprecedented confidence and speed with Traceable’s API Catalog. Discovering all APIs, sensitive data flow, and enabling protection of data across multiple clouds from a variety of threats, Traceable’s API discovery and attack protection are key to not only understanding their API risk and evaluating their attack surface – but also to ascertaining the scope of data usage across three clouds.”
“Traceable was also able to negate much of the cost that came from Informatica’s need to process a large amount of data daily. Once Traceable was deployed Informatica’s was able to save 60 hours of labor weekly.”
Total Addressable Market
What total addressable market (TAM) size is Traceable AI pursuing? Nagaraj assessed:
“Our initial research indicates that API security is a multi-billion dollar addressable market.”
Differentiation From The Competition
What differentiates Traceable AI from its competition? Nagaraj explained:
“What makes Traceable different from our competitors can ultimately be broken down into 5 points.”
“The first differentiator is our breadth of platform capabilities. Traceable offers API Discovery and Security Posture Management, meaning that we provide the necessary visibility, inventory, and risk ranking of all known or unknown API endpoints. We also offer API Threat Protection, which is where Traceable’s platform detects and blocks both known API vulnerabilities and unknown threats and zero-days. Our platform also includes threat management, a rich set of security and application flow data for threat hunting, red team and blue team activities, and true security optimization.”
“Secondly, Traceable is able to offer protection against data exfiltration via APIs. Instrumented inside an API gateway or in-line application architecture, Traceable provides real-time detection and protection against sensitive data theft. Security teams can immediately detect when and where a bad actor gains access to confidential information by exploiting software bugs, CVEs, or zero-days.”
“Thirdly, Traceable’s capabilities also offer deep security analytics. These hunt for hidden IOCs and breaches, track and trace activities of suspicious users, run postmortem analysis of security incidents, spot malicious users, speed incident response, and lower MTTR.”
“Fourthly, Traceable has the capacity for flexible data collection and deployment options. This means that Traceable can collect data through a variety of methods: including fully out-of-band collection via network log analysis of AWS, GCP, and Azure clouds, Collection by instrumentation within your API gateway, proxies, or service mesh, and In-app data collection through instrumentation by language-specific agents or via socket filtering. Equally important, the entire Traceable platform can be deployed 100% on-premises in a fully air-gapped model or can be delivered by SaaS or hosted in your own AWS, GCP, and Azure cloud.”
“Lastly, Traceable is built for massive scale. Traceable allows users to process and analyze APIs, application communication, and user behavior data at a cloud scale. Traceable can support very large customer deployments consisting of thousands of API endpoints and billions of API calls.”
Future Company Goals
What are some of Traceable AI’s future company goals? Nagaraj concluded:
“Customer success is always a fundamental goal for us. We aim to provide the best possible user experience, ensuring that our clients feel safe and protected when navigating their digital environments. We’re continuously investing in customer support and success management to provide swift and effective solutions whenever our customers need help.”
“Secondly, we are committed to driving technological innovation in API security. We are focused on further refining our machine learning and AI capabilities to anticipate and neutralize threats before they can compromise end users’ systems. Our goal is to remain at the forefront of the industry, developing state-of-the-art tools that allow businesses to operate securely in an increasingly digital world.”
“Finally, we strive to make a positive impact on the broader digital ecosystem. Beyond our immediate customers, we aim to contribute to the wider cybersecurity community by sharing our research and insights and developing best practices. We believe that a more secure digital world benefits everyone and are determined to play our part in making that a reality.”