What We Do
ArecaBay offers InfoSec and DevOps teams an innovative solution to enable API DevSecOps. Built on the tenets that APIs are the new universal protocol, our unique Network Engine enables deep API inspection without any impact to applications. With a single deployment of the common Network Engine platform, ArecaBay XRay provides DevOps insights, performance metrics, correlated traces at API object and transaction level, while ArecaBay Force Field enables SecOps to discover, monitor, and secure API activities and data. Headquartered in Los Altos, CA, ArecaBay has a team of veterans with a proven track record in building enterprise security products used by thousands of customers.
Reduced Time-To-Detect(MTTD) & Time-to-Respond(MTTR)
with Zero-Impact to Uptime
API Transaction and Object Level Data with
No Code change
No Run-time or Library change
No Host/OS modification
No Agent inside container
Network Deployment with
No Kernel/OS network stack dependency
No Host/VM/infra dependency or impact
No Performance/Availability impact
No Impact on shared infrastructure
+ Why is this unique
- Deploys anywhere: At the core of ArecaBay is its Network Engine consisting of an array of lightweight software micro-sensors that are easily deployed, without modification to the app or app runtime, as network taps, gateway plug-ins, container sidecars, serverless functions, or message bus consumers.
- Self Learning: Self-adaptive API learning process ensures the Network Engine continuously learns and targets highly relevant API activities and data.
- Deep Tracing: The Network Engine monitors all end-to-end API flows at the finest granularity level, providing DevOps object level insights and correlated call traces across the entire transaction, while supporting a Dynamic API Risk Tracker(DART) dashboard for SecOps to take specific, target remediation actions against session/data anomalies.
- North/South and East/West: Zero impact deployment means universal API mediations.
+ Why should you care
APIs are the "new TCP/IP". Enterprise organizations like yours have seen increasing use of APIs to provide access to applications and to business-critical data. As API usage increases, so are API security risks. Gartner predicts in a report (ID: G00342236) that API abuses will be the major vector leading to data breaches. Furthermore, in a rapidly expanding digital mesh, service-to-service (external or internal) API connections are the foundation of mission critical applications. Monitoring and performance management of end-to-end API transaction, with no impact or restriction to the application, become vitally important.
+ Why other approaches do not work
Conventional network security tools (e.g. IDS, IPS, Firewall, WAF, and Layer-3, Layer-4, Layer-7 Segmentation) are limited to front-end north-south access and target mostly URLs of APIs, not the actual payload-level data.
Server OS or runtime “self-protection” app-sec tools require changes to codes or app runtime and thus severely limiting their adoption by Dev and DevOps.
Log-based tools are not effective, even when enhanced by AI, as logs are rarely real-time and worse, don’t provide sufficient call-level data.
Traditional API performance measurement tools are not built to provide granular information at the API object level. Also, most of them are not built for cloud native technologies such as kubernetes and are opaque to mTLS (mutual TLS) encryption between services.
ArecaBay provides a “best of both world's” solution: API object-level app-sec visibility/control using an intelligent Network Engine that is as easy to adopt by DevOps as a network sniffer.
+ How do you map ArecaBay to today's landscape
- API Sniffer: Think of us as an API Sniffer tool like tcpdump or wireshark for API monitoring and observability.
- API IDS/IPS: Think of us as an IDS/IPS for APIs.
- API WAF: Think of us as the next generation of WAF with complete coverage of WAF functions at an API layer.
- API Next-gen Firewall: Think of us as the next generation firewall that can go deep into APIs and its payloads and also provide full access control features
Why API Security, and Why Now?
Gartner predicts that, by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications.
API exploitation Data breaches are on the news almost on a daily basis, but conventional tools do not provide a zero-impact solution that addresses such security threats.
ArecaBay customers instantly identify their API security posture, making it simple to remediate and secure.
Experience a Live 15-Minute Demo
See how ArecaBay can take your application security to the next level in a live, personalized demo with a solution consultant.