BOSTON — Ping Identity is moving beyond single sign-on and further into API security with its latest acquisition.
At the Identiverse 2018 conference on Tuesday, the Denver-based identity and access management (IAM) provider announced the acquisition of Elastic Beam, a Redwood City, Calif., cybersecurity startup that uses artificial intelligence to monitor and protect APIs. Terms of the deal were not disclosed.
Ping CEO Andre Durand has discussed the importance of API protection in the past as part of the company’s “intelligent identity” strategy. The company, which specializes in IAM services such as single sign-on, had previously introduced PingAccess for API management and security.
Elastic Beam, which was founded in 2014, will become part of Ping’s new API protection offering, dubbed PingIntelligence for APIs. Elastic Beam’s API Behavioral Security (ABS) automatically discovers an organization’s APIs and monitors the activity using AI-driven behavioral analysis.
“The moment it detects abnormal activity on an API, it automatically blocks that API,” said Bernard Harguindeguy, founder of Elastic Beam.
Harguindeguy, who joined Ping as its new senior vice president of intelligence, said ABS’ use of AI is ideal for API monitoring and defense, because there are simply too many APIs and too much data around them for human security professionals to effectively track and analyze on their own.
“API security is a very hard problem. You cannot rely on roles and policies and attacker patterns,” he said. “We had to use AI in a very smart way.”
Durand said the explosion of APIs in both cloud services and mobile applications has expanded the attack surface for enterprises and demanded a new approach to managing and securing APIs. While Durand acknowledged the potential for AI systems to make mistakes, he said improving API protection can’t be done without the help of machine learning and AI technology.
“We’re in the early stages of applying AI to the enormity of traffic that we have access to today,” he said. “We want to limit the space and time that users have access to, but there’s no policy that can do that. I don’t think there’s a way to have that breakthrough without machine learning, big data and AI.”
PingIntelligence for APIs is currently in private preview, and it will be generally available in the third quarter of this year.