Prior to the acquisition, Elastic Beam built the first hybrid cloud software solution that combined advanced AI techniques with strong API behaviour expertise to detect and automatically stop threats that use APIs to gain control of systems and data. The solution can autodiscover all active APIs to make sure that none are forgotten or overlooked, and delivers deep visibility into all API activity. With this new technology, Ping Identity enables businesses to recognise and respond to rapidly changing, dynamic attacks which target API vulnerabilities – without predefined policies or security rules.
“We believe that adding intelligence based on machine learning analytics to the Ping Identity Platform is the next wave of identity security. For years, Ping has been delivering API security to global organisations with market leading products like PingFederate and PingAccess,” commented Andre Durand, CEO of Ping Identity. “This acquisition extends our leadership by providing a comprehensive intelligence-based approach to API security. As an industry, it’s critical that we make decisions based on the ever-changing nature of context and behaviour versus pre-defined policies that attempt to capture when, where and why a user is trying to access something.”
In the API Economy, New Security Risks Emerge
Organisations recognise the economic benefits that APIs and digital transformation initiatives can bring to their business. Industry directives such as PSD2 and Open Banking have also accelerated the use of APIs to provide interoperability between banking products. As a result, APIs have become a new and growing security risk for all organisations by making it easier for hackers and others to reach into applications and data they expose. PingIntelligence for APIs is designed to address this growing market need and protect enterprise and cloud customers from the increasing threat of API-targeted attacks.
“APIs are innovation enablers, but they also have a security blindspot,” said Bernard Harguindeguy, founder of Elastic Beam and SVP, Intelligence at Ping Identity. “While they are the primary channel for business transactions, their ubiquity and connectedness to sensitive data make them a prime target for bad actors. This is why three years ago, I teamed up with my co-founder Uday Subbarayan, who was previously part of the early team at Sonoa Systems/Apigee, to build Elastic Beam and address this vulnerability.”
Added Harguindeguy, “We’re thrilled to be a part of Ping Identity, a company that places equal weight on the importance of this growing issue. Integrating Elastic Beam into Ping Identity delivers a strong, intelligent security solution for APIs that simply has not existed until now.”
According to Gartner (https://www.gartner.com/document/3834704), “API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications by 2022.” This is why API security is Ping Identity’s first application of intelligent identity. The automatic collection, analysis and management of identity attributes all support API security.
Protect API Infrastructures with Intelligent API Traffic Monitoring
PingIntelligence for APIs provides deep insight into how APIs are used or misused, and delivers extensive information for compliance, audit and forensic reports. It also delivers comprehensive threat protection across a range of attacks, from hackers without credentials probing for vulnerabilities to attacks on data and systems, while appearing like a normal user.
“PingIntelligence for APIs enables Axway to strengthen our industry-leading API security with AI and machine learning to defend against login and identity attacks, API specific DoS/DDoS and cyberattacks on data, apps and systems by discerning regular from abnormal API usage.Taking quick action when abnormalities start to occur reduces the attack identification from months to minutes,” said Suraj Kumar, VP of Solution Management at Axway. “The Elastic Beam acquisition by Ping Identity strengthens Axway’s partnership and value provided to our customers to secure and protect their APIs.”
“The security of APIs has never been more important for our customers and for TIBCO,” shared Rajeev Kozhikkattuthodi, vice president, product management and strategy, TIBCO. “With APIs being increasingly deployed across cloud and hybrid infrastructures, and at the edge, organisations are challenged with securing potential vulnerabilities. TIBCO’s partnership with Ping Identity has provided TIBCO Cloud Mashery with enhanced API security capabilities to protect against targeted API security breaches. With Ping Identity’s acquisition of Elastic Beam, TIBCO Cloud Mashery is now able to apply artificial intelligence for the detection and subversion of impending and future cyber attacks.”
Durand said, “API security is a strategic first activation of intelligent identity for Ping. Some of the biggest enterprise breaches over the past year were a result of API vulnerabilities, proving every enterprise and cloud provider needs a comprehensive API cybersecurity strategy. The API security problem is massive, and we’re delighted to offer such a valuable solution to our enterprise customers.”