Ping Identity Takes Big Step Forward In API Security With Elastic Beam Acquisition

Ping Identity has purchased Elastic Beam to take the granularity of controlling, monitoring and enabling access in real-time down to the API level.

The Denver, Colo.-based identity sector vendor said the sheer scale of providing security at the API level goes beyond the ability to write manual policies or provision user accounts to apps, according to Ping Identity CEO Andre Durand. Acquiring Redwood City, Calif.-based Elastic Beam allows Ping to provide a level of access control at the API level that can't be achieved without big data, machine learning or AI.

"It's too granular, and the speed is too quick," Durand told CRN. "There's just too many transactions to do that manually."

[RELATED: 13 Big Bets Security Vendors And Partners Have Made To Help Customers Become GDPR Compliant]

Terms of the deal, which closed April 5, were not disclosed. Elastic Beam employs between 11 and 50 people, according to LinkedIn.

Elastic Beam's capabilities are being packaged into a new offering called PingIntelligence for APIs, which is being sold into large enterprises and will be priced on a consumption or subscription basis based on the amount of traffic on the APIs, according to Elastic Beam CEO Bernard Harguindeguy

Artificial intelligence has provided Elastic Beam with the ability to observe everything that's going on with traffic at scale and identity trends that lead to account takeover attacks, said Harguindeguy. By developing the ability to capture vast amounts of data at scale and delivering deep reporting on activities, he said the company can help recognize an attack and immediately block it.

Once a user has been authenticated, Durand said no one has typical watched what's actually happening in terms of how they're using the APIs. Therefore, Durand said a user could be abusing their privileges and no one would know.

But with Elastic Beam, Durand said Ping is now able to monitor what's happening at an API level and detect possible abuse. No one else in the industry has achieved the engineering and architectural feat of building to scale the ability to inspect API traffic at extremely high volume levels in real-time and apply API security to that traffic, according to Durand.

Elastic Beam, meanwhile, didn't have access to Ping's user identity capabilities, meaning the company could see anomalies and block behavior it thought was abusive but wouldn't know the actual user, Durand said. Tying an authenticated user to anomalous behavior will allow for a far more thorough inspection, according to Durand.

Durand anticipates that all of Ping's channel partners will be extremely interested in the offering based off Elastic Beam's technology. Elastic Beam had also on its own cultivated a growing number of interested channel partners, Durand said.

Elastic Beam's capabilities should be of most interest to DevOps and security teams responsible for APIs, which Durand said will enable Ping to tap into a developer ecosystem that the company hadn't directly worked with in the past. The developers tend to be very influential within large enterprises, according to Durand.

Ping remains on track to fully integrate Elastic Beam into the company's by within 100 days of when the deal closes, Durand said.

Ping's initial area of emphasis will be getting existing solution providers to upsell PingIntelligence for APIs, according to Durand. The company hopes PingIntelligence for APIs will gain traction in the channel by emphasizing the maturity of the offering and ensuring channel partners understand how to sell it.

"The need to secure APIs is going to be explosive," Durand said. "This is a deep, deep space."