Traceable, the world's first end-to-end application security monitoring platform, launched from stealth today with $20M in series A funding from Unusual Ventures and BIG Labs. Jyoti Bansal, the founder and former CEO of AppDynamics, heads the company as CEO and co-founder after selling AppDynamics to Cisco for $3.7 billion. Bansal is joined by Sanjay Nagaraj, former VP Engineering at AppDynamics, as CTO and co-founder. Traceable was spun out of BIG Labs, Bansal's startup studio.

Businesses large and small are migrating en masse from monolithic to highly distributed cloud-native applications often built with hundreds or even thousands of microservices. Protecting cloud-native applications from cyberattacks has become the most pressing challenge of this new architecture. Microservice APIs often expose business logic that threat actors use to infiltrate applications and private data.

"The broad use of APIs in cloud-native applications has greatly expanded the attack surface for enterprises, and until now, there hasn't been a solution that adequately addresses this growing issue," said Gerhard Eschelbeck, former Google CISO and Traceable advisor. "Traceable solves one of the biggest problem security teams face, which is distinguishing between valid and malicious use of an application's APIs." 

Bansal and Nagaraj saw the massive adoption of cloud-native architectures firsthand while working with thousands of AppDynamics customers. At the same time, high profile businesses such as Uber and Facebook were making news as they became victims of new business logic attacks due to vulnerabilities in microservice APIs. With cloud-native architecture adoption skyrocketing, Bansal and Nagaraj founded Traceable to protect applications from next-generation attacks.

"It became clear to us that a drastically new approach to application security was needed to protect businesses as they deploy their applications in cloud-native architectures," said Bansal. "Existing solutions were designed to protect traditional monolithic web apps with well-understood protocols. They aren't capable of understanding distributed applications using thousands of custom APIs."

Traceable, leveraging the team's expertise in distributed tracing and observability is the only Application Security Platform that traces end-to-end application activity from the user and session all the way through the application code. TraceAI, the platform's machine learning technology, analyzes this data to learn normal application behavior and to detect activity that deviates from the norm. Businesses use Traceable's rich forensic data and insights to easily analyze attack attempts and perform root cause analysis.

"At Houwzer, we conduct hundreds of millions of dollars worth of real estate transactions every year. Our customers place their trust in us to keep their information safe, so we need the best tools at our disposal to do so," said Greg Phillips, CTO of Houwzer, an early Traceable customer. "Traceable's technology enables my team to understand exactly how our APIs function in order to best diagnose and resolve issues when they arise, ensuring all the sensitive information we house is secure even as our application changes and new types of attacks emerge. This visibility also allows us to orient our product roadmap and optimize for success."

Bansal and Nagaraj have made Traceable's underlying distributed tracing platform available as an open source project named Hypertrace. By deploying Hypertrace, DevOps teams observe and monitor production applications with the same comprehensive distributed tracing and observability capabilities powering Traceable.

"While we were building Traceable, we realized that every business and every application should have access to a robust distributed tracing system. Highly distributed cloud-native applications are almost impossible to operate and troubleshoot without distributed tracing," said Nagaraj. "So we decided to make this core part of our platform, open source and freely available. We hope the community not only adopts Hypertrace but feels empowered to contribute to the project to make it even better."