Graylog, a provider of Security Information and Event Management (SIEM) and log management solutions, is providing a free version of Graylog API Security, making API security accessible to enterprises of all sizes at a time when API-related attacks are on the rise.
Uniquely, Graylog API Security enables organizations to identify and classify APIs, and then detect and receive alerts on threats from inside the perimeter, according to the company.
With bad actors disguising themselves as legitimate users, perimeter-based solutions are not enough. Instead, Graylog’s run-time approach complements existing Web Application Firewalls (WAF) and API gateways to provide a critical layer of defense, according to the company.
The solution captures all API request and response details to distinguish valid traffic from malicious actions immediately, like uncovering data exfiltration hiding under valid response codes.
“The performance, availability, and security of business-critical applications are key to all enterprises. With cyber criminals increasingly leveraging the vulnerable API attack surface for nefarious activities, it is important to have the right capabilities for continuous detection and response around API-specific attacks,” explained Graylog CEO Andy Grolnick. “Graylog’s intelligent API Security solutions are designed to detect and respond to elusive threats not covered elsewhere. With enhanced continuous discovery capabilities and the new free edition, advanced API security capabilities are now accessible to a much broader audience, helping make our digital world safer.”
With Graylog API Security – Free Edition, practitioners gain:
- API Discovery: Automatically discover and categorize APIs for focused monitoring
- Risk Scoring: Prioritize alerts based on their relative risk to the organization
- Full-fidelity Capture: Capture the complete API request and response payload, creating a readily accessible datastore for both real-time attack detection and forensic search to identify common threats and API failures swiftly and accurately
- Real-Time Threat Intelligence: Stay ahead of emerging threats with continuous monitoring of APIs and out-of-the-box threat signatures
- Guided Remediation: Once a threat is detected, Graylog API Security automatically provides helpful, straightforward remediation information
Graylog API Security is a cloud-native architecture available for self-managed private cloud or on-prem implementations to eliminate concerns over sending PII to a third-party vendor.
The free edition includes all the features of the paid version but is limited to 16GB of local rolling storage on a single node with a one-year renewable license.
For more information about this news, visit https://graylog.org.