Elastic Beam API Behavioral Security

AI-Powered Attack Detection and Blocking

Elastic Beam API Behavioral Security (ABS) applies AI techniques to API transactions for accurate attack detection, and insightful forensic and compliance reporting. ABS requires no rules, policies, or attack signatures to identify advanced attacks on data, applications, and control systems via APIs.

ABS blocks cyberattacks including multiple types of API DDoS attacks, login system attacks, data exfiltration, and other API-specific data and system attacks — including attacks from insiders or hackers. To block attackers, ABS works with Elastic Beam API Security Enforcers and other systems (e.g. load balancers, API Gateways) to terminate connections and block future access.

Developed to provide the industry’s most advanced API attack mitigation, ABS continuously refines its comprehensive AI behavioral model for each API and uses it to detect malicious activity. Unlike generic behavioral analytics tools that don’t take into account API-specific usage, ABS leverages its in-depth API intelligence to provide the industry’s most precise and accurate detection of API misuse.

Elastic Beam ABS is deployed at large scale in multi-cloud environments with Elastic Clustering. It supports rapid expansion on-demand to address increased capacity needs and adapts automatically to changing environments.

ABS is delivered as software which can be deployed on bare metal, virtualized, or in Docker container environments — on-premise or in hybrid clouds — to detect attacks in API traffic.

Elastic Beam Deep API Insight

A Wealth of Forensic and Compliance Information

Elastic Beam delivers in-depth information, not normally available, on all actions performed on backend systems via APIs – including every command or method used on any API for each connection – at cloud scale.

This information is available for integration with your existing dashboard and reporting systems via Elastic Beam REST APIs. Elastic Beam Dashboard is also available to provide a graphical view of attacks, anomalies, and metrics for each API to help security analysts track ongoing attack activity and anomalous events.

After attacks are identified and stopped, security analysts can learn more about the activity leading up to the attack. Elastic Beam reports are available to support in-depth investigations into all historical activity linked with an attack.

Detailed reporting also provides API usage information to assist in generating reports for compliance purposes on all URL activity associated with database and file system access, line of business applications, control systems, etc.

The Dashboard is delivered as software which can be deployed on bare metal, virtualized, or in Docker container environments.

Access Data Sheet

Elastic Beam API Security Enforcer

Real-time Blocking and API Deception

Elastic Beam API Security Enforcer (ASE) delivers high performance processing of API traffic using either out-of-band or in-line deployments.

  • Automated deployment with orchestration engines to scale up and down
  • Live updates to add/remove APIs, app servers, API management platforms
  • Active-active Elastic Clusters for scale and availability – all nodes are peers and self-learn traffic, configurations, and security updates
  • Cluster nodes can be co-located or spread across a hybrid cloud infrastructure
  • Automated propagation of security information for attack blocking across Clouds
  • For REST and WebSocket API transaction security

Out-of-Band Deployment

For deployments not in the API data path, ASE nodes can be deployed out-of-band to send processed traffic to API Behavioral Engines for attack detection and reporting.

Inline Deployment

When in the data path, ASE nodes deliver real-time security:

  • Blocks API traffic that does not conform to the application specification
  • Stops DoS and DDoS attacks on APIs
  • Automated session termination and blocking of machine-learned rogue devices, botnets, hackers, insiders, and other attack sources
  • Hides internal API identities to protect applications and data from hackers
  • Masks API error messages to prevent disclosure of API/application information produced through hackers’ brute force attacks

API deception presents a target which looks like a normal API but functions as a trap for hackers. When a decoy API is accessed, the attack footprint is logged and sent to the API Behavioral System for analysis and reporting.

ASE is delivered as software which can be installed on-premise or in cloud-based environments on bare metal, virtualized, or in Docker container environments.

Access Data Sheet

Hybrid Cloud API Security

Elastic Beam API Behavioral Security overlays on existing API fabrics to prevent hackers from compromising data or gaining control

Security information is automatically propagated across clouds to enforce consistent security.

infrastructure

API management
api gateways

application servers

Deployed in enterprise and cloud environments, Elastic Beam software integrates with environments that use API Gateways or APIs directly on App Servers.

Elastic Beam Secure MQTT Proxy

MQTT Routing across IoT Clouds

Elastic Beam Secure MQTT Proxy routes, forwards, and load balances MQTT traffic across hybrid cloud environments. It was developed for low latency and high performance.

  • Easy and fast to deploy
  • Supports MQTT over TCP/TLS and WebSocket(S) protocols
  • Directs clients to preferred brokers using client-ID based routing (TCP) or cookie-based session stickiness (WebSocket)
  • Automated deployment with orchestration engines to scale
    up and down
  • Active-active Elastic Clusters for scale and availability – all nodes are peers and self-learn traffic, configurations, and security updates
  • Cluster nodes can be co-located or spread across hybrid cloud infrastructure

IoT Proxy is delivered as software which can be installed on-premise or in cloud-based environments on bare metal, virtualized, or Docker containerized systems. IoT Proxy has been certified with HiveMQ and tested with Mosquitto and IBM MessageSight.

Access MQTT Data Sheet