Ping Identity Acquires API Security Firm Elastic Beam
28.6.18 securityweek IT
Identity management solutions provider Ping Identity on Tuesday announced the acquisition of Elastic Beam, a company that specializes in detecting and blocking attacks aimed at application programming interfaces (APIs).
Ping Identity has been around since 2002 and it has raised more than $128 million. It previously acquired two other companies, UnboundID in 2016 and Accells Technologies in 2014.
The Ping Identity Platform allows enterprise users to securely access mobile, cloud and on-premises applications, while providing developers the possibility to enhance their apps with access management, single sign-on, multi-factor authentication, and data governance capabilities.
Elastic Beam emerged from stealth mode last year with a hybrid cloud software product that uses artificial intelligence (AI) to detect and neutralize threats that leverage APIs, including data exfiltration, unauthorized changes or removal of data, distributed denial-of-service (DDoS) attacks, code injections, brute force attempts and authentication via stolen credentials, API memory attacks, and WebSocket attacks.
Along with the acquisition of Elastic Beam, Ping Identity announced the launch of a new AI-driven solution designed for securing APIs.
The new product, named PingIntelligence for APIs, is currently in private preview and is expected to become generally available in the second half of 18.
According to the company, PingIntelligence for APIs is designed to provide organizations deep visibility into how APIs are used or misused, and it delivers extensive information that can be useful for audit, compliance, and forensic reports.
“PingIntelligence for APIs applies AI models to continuously inspect and report on all API activity. It automatically discovers anomalous API traffic behavior across the enterprise. Bad actors are well versed in circumventing static security policies, so PingIntelligence for APIs was purpose-built to recognize and respond to attacks which fly under the radar of foundational API security measures, and target API vulnerabilities—without policies, rules or code,” Ping Identity described the product on its website.