Reshaping the API Security Landscape: Graylog Acquires Resurface


In the world of cybersecurity, change is the only constant. This reality is once again affirmed in a recent interview with Andy Grolnick, the CEO of Graylog, a leading SIEM and log management solutions provider, who has shared some exciting news regarding the future of API security. Andy, who has been at the forefront of innovation in cybersecurity, announced Graylog had acquired’s API security solution that will be integrated with Graylog’s SIEM platform. With this acquisition, Graylog introduced a new product, Graylog API Security, focused on continuous API threat detection and incident response.

Why the Acquisition Matters

The acquisition of by Graylog signifies an important turning point in the field of API security. When was founded, the central thesis was that web and API security brought unique requirements necessitating purpose-built data systems. As Andy remarked, “Using solutions like Elastic or Splunk at scale for API monitoring is prohibitively complex and expensive. Using Hadoop or Kafka requires an army of security professionals to run at any scale.” Consequently, the acquisition is a strategic step towards addressing these challenges in an increasingly interconnected digital world and making API security affordable, integrated and automated.

Understanding the Importance of API Security

The digital world is becoming increasingly dependent on APIs, and with this reliance comes a new set of vulnerabilities and security risks. As Andy highlighted, “The stakes for API security in 2023 are terrifically high.” In fact, he revealed that “70% of API traffic is malicious,” and “half of APIs are unmanaged.” With this acquisition, there’s a sense of urgency to provide a robust, efficient, and scalable solution for API security.

Graylog API Security: A New Chapter in API Monitoring

Firewalls and gateways are no longer enough. Attackers can appear as users and penetrate the perimeter. Internal users and partners, for example, bypass firewalls and can directly access microservices without inspection. In order to address these concerns, Graylog API Security offers a comprehensive API monitoring and security solution. Like a “security analyst in-a-box,” Graylog API Security is built to automate API security by continuously scanning all API traffic at runtime, thus identifying and alerting on zero-day attacks and threats before they reach applications.

Graylog API Security captures complete request and response details, creating a readily accessible datastore for attack detection, fast triage, and threat intelligence. Furthermore, its alert system works with common communication tools like Slack, Teams, Gchat, JIRA or via webhooks, thereby reducing alert fatigue.

With the advent of Graylog API Security, the vision of creating a safer, more secure API landscape is closer than ever. Users interested in getting an in-depth understanding of this new platform can attend the Graylog GO user conference scheduled for October 4-5. It’s clear that the Graylog and teams are excited to guide the community into a new era of robust API security.

Watch a Graylog product demo:


No posts to display