Graylog, a leading provider of security solutions, has recently announced the release of a free version of Graylog API Security. This new API discovery and monitoring tool is aimed at making API security accessible to enterprises of all sizes, especially at a time when API-related attacks are on the rise.
One of the unique features of Graylog API Security is its ability to help organizations identify and classify APIs, and then detect and receive alerts on potential threats from inside the perimeter. As bad actors continue to disguise themselves as legitimate users, traditional perimeter-based security solutions have proven to be insufficient. In response to this evolving threat landscape, Graylog’s run-time approach offers a complementary layer of defense that works alongside existing Web Application Firewalls (WAF) and API gateways.
Furthermore, the solution captures all API request and response details, allowing it to immediately distinguish valid traffic from malicious actions. This includes the ability to uncover data exfiltration that may be hiding under valid response codes. As cyber criminals increasingly leverage the vulnerable API attack surface for nefarious activities, this level of continuous detection and response around API-specific attacks has become essential for enterprises.
Graylog CEO, Andy Grolnick, emphasized the importance of performance, availability, and security for business-critical applications, especially in the face of escalating API-related threats. Grolnick stated that Graylog’s intelligent API Security solutions are designed to detect and respond to elusive threats not covered elsewhere. With enhanced continuous discovery capabilities and the addition of the new free edition, advanced API security capabilities are now accessible to a much broader audience, ultimately contributing to making the digital world safer.
The features included in Graylog API Security – Free Edition offer practitioners a range of benefits, such as automatic API discovery, risk scoring to prioritize alerts, full-fidelity capture of API request and response payloads, real-time threat intelligence, and guided remediation once a threat is detected. This comprehensive feature set is designed to help organizations better monitor their APIs and respond to potential security threats more effectively.
It is worth noting that Graylog API Security is built on a cloud-native architecture, making it available for self-managed private cloud or on-prem implementations. This approach aims to address potential concerns over sending sensitive Personally Identifiable Information (PII) to third-party vendors. Additionally, the free edition of Graylog API Security includes all the features of the paid version but is limited to 16GB of local rolling storage on a single node with a one-year renewable license.
Overall, the release of the free version of Graylog API Security represents a significant step in democratizing API security and making it more accessible to organizations of all sizes. By providing a comprehensive set of features aimed at enhancing API security, Graylog is positioning itself as a key player in the ongoing battle against API-related cyber threats.