Financial institution

Driven by demands for tighter integration with their platforms, banking institutions are developing open APIs which enable partners to directly integrate and provide financial services to their customers. A key concern is ensuring the security of customer data when accessed via these APIs. Many banks use in-house systems to manage API access and deliver foundational security—including managing API keys and providing granular access control services. However, these banks also require strong protection against cyberattacks which could compromise the API service and expose customer data.

Elastic Beam API Behavioral Security (ABS) is deployed to monitor API transactions and report any suspicious activity, including attacks on the banking applications and data systems. ABS delivers an API security overlay on top of the deployed API management platform for complete visibility into API sessions to stop cyberattacks and show compliance. Protection is provided from:

  • Extraction of data which could include customer accounts or other sensitive information.
  • Malicious activity on customer accounts
  • Abnormal insider activity
  • Portal service downtime due to API DDoS attacks

ABS protects APIs from hackers’ malicious actions including data injection or extraction. Using AI techniques to analyze API transactions, ABS automatically blocks malicious activity and provides security analysts deep insight into API activity– at scale. Login services traffic is controlled to stop botnets from disrupting access or performing credential stuffing to compromise accounts. The self-learning ABS engine automatically discovers all active APIs, builds an understanding of expected per API activity, and then detects and stops malicious activity.

Healthcare

To provide easy access to patient records from mobile or traditional clients, healthcare organizations are deploying API Gateways which allows customers to access their health history, payment information, and other services from a portal. A critical objective is maintaining HIPAA compliance for patient health information (PHI) records and PCI compliance for the credit card payment processing. An API Gateway delivers strong access control to ensure patients can only access their own records, but healthcare organizations require stronger session security and activity monitoring to ensure patient privacy is protected.

Elastic Beam API Security Enforcer can be deployed out-of-band to integrate with the API Gateways, and the Elastic Beam API Behavioral system is used to analyze all API transactions to deliver in depth activity reporting and stop potential attacks. Installed in less than a day, the Elastic Beam software can immediately detect and block suspicious activity, including hackers attempting to guess credentials on the login service or attempting to extract records through the patient portal. Comprehensive, detailed reports on all API activity can be included within HIPAA and PCI compliance reports.

IoT

Organizations are deploying industrial equipment outfitted with MQTT sensors to send operating information to preventative maintenance servers. Once consolidated at a cloud data center, the traffic passes through MQTT brokers to reach various monitoring systems. Manufacturers are looking for a high-performance platform that can intelligently route MQTT sensor traffic to preferred brokers based on the MQTT client identifier.

Elastic Beam Secure MQTT Proxy software is deployed using bare metal, virtualized systems, or Docker containers operating within an Elastic Cluster. Traffic is intelligently routed to each device’s designated broker – even at very large scale. MQTT Proxy delivers the operational flexibility of dynamically adding nodes to a cluster for increased capacity and automatically propagating preferred routing information across a hybrid cloud. Elastic Beam MQTT Proxy helps organizations exceed the targeted availability and performance service levels of their IoT deployments.