Graylog API Security enables organizations to identify and classify APIs

Graylog released a free version of Graylog API Security. This API discovery and monitoring tool makes API security accessible to enterprises of all sizes at a time when API-related attacks are on the rise.

Uniquely, Graylog API Security enables organizations to identify and classify APIs, and then detect and receive alerts on threats from inside the perimeter.

With bad actors disguising themselves as legitimate users, perimeter-based solutions are not enough. Instead, Graylog’s run-time approach complements existing Web Application Firewalls (WAF) and API gateways to provide a critical layer of defense. The solution captures all API request and response details to distinguish valid traffic from malicious actions immediately, like uncovering data exfiltration hiding under valid response codes.

Graylog CEO Andy Grolnick emphasizes, “The performance, availability, and security of business-critical applications are key to all enterprises. With cyber criminals increasingly leveraging the vulnerable API attack surface for nefarious activities, it is important to have the right capabilities for continuous detection and response around API-specific attacks. Graylog’s intelligent API Security solutions are designed to detect and respond to elusive threats not covered elsewhere. With enhanced continuous discovery capabilities and the new free edition, advanced API security capabilities are now accessible to a much broader audience, helping make our digital world safer.”

With Graylog API Security – Free Edition, practitioners gain:

• API discovery: Automatically discover and categorize APIs for focused monitoring
• Risk scoring: Prioritize alerts based on their relative risk to the organization
• Full-fidelity capture: Capture the complete API request and response payload, creating a readily accessible datastore for both real-time attack detection and forensic search to identify common threats and API failures swiftly and accurately
• Real-time threat intelligence: Stay ahead of emerging threats with continuous monitoring of APIs and out-of-the-box threat signatures
• Guided remediation: Once a threat is detected, Graylog API Security automatically provides helpful, straightforward remediation information

Graylog API Security is a cloud-native architecture available for self-managed private cloud or on-prem implementations to eliminate concerns over sending PII to a third-party vendor. The free edition includes all the features of the paid version but is limited to 16GB of local rolling storage on a single node with a one-year renewable license.