Ping Identity acquires cybersecurity startup Elastic Beam; launches new AI-driven solution to secure APIs
Ping Identity has acquired API cybersecurity provider startup, Elastic Beam. The company made the announcement today at the Identiverse conference in Boston. In addition, the company also announced the launch of its PingIntelligence for APIs. The new AI-powered solution brings an increased level of intelligence into how APIs are accessed and used, including the ability to identify and block cyberattacks that target APIs to compromise data and systems. This makes Ping Identity the first company to leverage artificial intelligence in a comprehensive solution to secure API infrastructures in public and hybrid clouds.
Elastic Beam was founded in 2014 by Bernard Harguindeguy and Uday Subbarayan. Still in its early-stage, Elastic Beam brings AI-powered cyberattack protection to organizations’ API management investments. Prior to the acquisition, Elastic Beam built the first hybrid cloud software solution that combined advanced AI techniques with strong API behavior expertise to detect and automatically stop threats that use APIs to gain control of systems and data. The solution can autodiscover all active APIs to make sure that none are forgotten or overlooked, and delivers deep visibility into all API activity. With this new technology, Ping Identity enables businesses to recognize and respond to rapidly changing, dynamic attacks which target API vulnerabilities—without predefined policies or security rules.
Founded in 2002, Ping Identity is a Denver-based software developer that protects critical assets for various enterprises, while offering secure access to any application from any device. The company offers identity management, multi-factor authentication, and single sign-on tools for its clients. Its solutions are recommended for financial services, public sector, and healthcare markets. Ping Identity, which was founded in 2002, partners with SaaS vendors, technology companies, system integrators, and value-added resellers.
“We believe that adding intelligence based on machine learning analytics to the Ping Identity Platform is the next wave of identity security. For years, Ping has been delivering API security to global organizations with market-leading products like PingFederate and PingAccess,” commented Andre Durand, CEO of Ping Identity. “This acquisition extends our leadership by providing a comprehensive intelligence-based approach to API security. As an industry, it’s critical that we make decisions based on the ever-changing nature of context and behavior versus pre-defined policies that attempt to capture when, where and why a user is trying to access something.”
Organizations recognize the economic benefits that APIs and digital transformation initiatives can bring to their business. Industry directives such as PSD2 and Open Banking have also accelerated the use of APIs to provide interoperability between banking products. As a result, APIs have become a new and growing security risk for all organizations by making it easier for hackers and others to reach into applications and data they expose. PingIntelligence for APIs is designed to address this growing market need and protect enterprise and cloud customers from the increasing threat of API-targeted attacks.
“APIs are innovation enablers, but they also have a security blindspot,” said Bernard Harguindeguy, founder of Elastic Beam and SVP, Intelligence at Ping Identity. “While they are the primary channel for business transactions, their ubiquity and connectedness to sensitive data make them a prime target for bad actors. This is why three years ago, I teamed up with my co-founder Uday Subbarayan, who was previously part of the early team at Sonoa Systems/Apigee, to build Elastic Beam and address this vulnerability.”
Added Harguindeguy, “We’re thrilled to be a part of Ping Identity, a company that places equal weight on the importance of this growing issue. Integrating Elastic Beam into Ping Identity delivers a strong, intelligent security solution for APIs that simply has not existed until now.”
According to Gartner, “API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications by 2022.” This is why API security is Ping Identity’s first application of intelligent identity. The automatic collection, analysis and management of identity attributes all support API security.
PingIntelligence for APIs provides deep insight into how APIs are used or misused, and delivers extensive information for compliance, audit and forensic reports. It also delivers comprehensive threat protection across a range of attacks, from hackers without credentials probing for vulnerabilities to attacks on data and systems, while appearing like a normal user.
“PingIntelligence for APIs enables Axway to strengthen our industry-leading API security with AI and machine learning to defend against login and identity attacks, API specific DoS/DDoS and cyberattacks on data, apps and systems by discerning regular from abnormal API usage. Taking quick action when abnormalities start to occur reduces the attack identification from months to minutes,” said Suraj Kumar, VP of Solution Management at Axway. “The Elastic Beam acquisition by Ping Identity strengthens Axway’s partnership and value provided to our customers to secure and protect their APIs.”
“The security of APIs has never been more important for our customers and for TIBCO,” shared Rajeev Kozhikkattuthodi, vice president, product management and strategy, TIBCO. “With APIs being increasingly deployed across cloud and hybrid infrastructures, and at the edge, organizations are challenged with securing potential vulnerabilities. TIBCO’s partnership with Ping Identity has provided TIBCO Cloud Mashery with enhanced API security capabilities to protect against targeted API security breaches. With Ping Identity’s acquisition of Elastic Beam, TIBCO Cloud Mashery is now able to apply artificial intelligence for the detection and subversion of impending and future cyber attacks.”
Durand said, “API security is a strategic first activation of intelligent identity for Ping. Some of the biggest enterprise breaches over the past year were a result of API vulnerabilities, proving every enterprise and cloud provider needs a comprehensive API cybersecurity strategy. The API security problem is massive, and we’re delighted to offer such a valuable solution to our enterprise customers.”