I Am Working With Elastic Beam To Help Define API Security
21 Jun 2017
Security is the number one concern companies, organizations, institutions, and government agencies have when I’m talking with them about doing APIs. Strangely it is also one of the most deficient, and underinvested areas of API operations. Companies are just learning to design, deploy, and manage their APIs, and monitoring, testing, and security are still on the future road map for many API providers I know.
Security is one of the important areas I’ve been trying to find more time and resources to invest into my research, and I’ve been on the hunt for interesting providers to partner with when it comes to defining security as it applies to APIs. There are a number of web and infrastructure security companies out there, but there aren’t enough that are only focused on just APIs. With the number of APIs increasing, we need more eyeballs on the problem, and even more services and tools to stay ahead of the curve.
I finally found a worthwhile partner to help explore API security as part of my regular work as the API Evangelist, a new API security focused startup called Elastic Beam. They are a brand new effort exclusively focused on API security, who are hitting all the buzzworthy areas of the tech space (Artificial Intelligence, Machine Learning, etc), while also doing one thing and doing it well–API security. ElasticBeams core products are:
- API Behavioral Security - Keeping an eye on the unknown unknowns when it comes to API threats.
- Deep API Insight - Access insights extracted from data ingested across all Elastic Beam implementations.
- API Security Enforcer - Actually blocking and providing a smokescreen for threats against an API.
- Hybrid Cloud API Security - Plugs into existing API service and infrastructure providers.
- Secure MQTT Proxy - Focused on API security when it comes to the Internet of Things.
I’ve seen Elastic Beam in action, and have a copy to play with as I’m exploring a variety of scenarios in alignment with my API security research. Elastic Beam is going to invest in API Evangelist so I can pay attention to API security more, producing stories, guides, and white papers, and I’m going to help translate what it is they are offering, and help keep them focused on API security, and doing it well.
Elastic Beam is live. If you want to talk to them about security let me know, or just head over to their website. Also, if there are any specific areas of my API security research you’d like me to focus on, let me know. I’ve been having weekly calls with their team and advising them on their release. We’ll see where the relationship goes, but I’m stoked to finally have someone I can partner with to focus on API security. It is an area that needs more research, discussion, as well as storytelling, to help bring awareness to API providers–this stuff takes time, and we need more smart people on the case as soon as possible.
From the time I’ve spent with them, the Elastic Beam team seems to get the problem, and have invested in the right technology. I’m looking forward to working with them to continue to map out the API security space, identify and share information on the most common threats facing API providers. Stay tuned for more about API security, thanks to the Elastic Beam team.