Elastic Beam Emerges From Stealth to Provide API Security | eWeek

Elastic Beam Debuts API Behavioral Security Platform

elastic beam
Jun 21, 2017
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

In the modern software development landscape, application programming interfaces are widely used to provide data, content and other services. However, API security has been an often overlooked area, which is why Bernard Harguindeguy and his partners got the idea to start Elastic Beam.

Elastic Beam is officially emerging from stealth today in a bid to help organizations secure and manage API usage. Harguindeguy has had a long career building security startups, including GreenBorder Technologies, which Google acquired in 2007. His co-founder at Elastic Beam, Uday Subbarayan, was one of the technical founders of APIGEE, which Google acquired in 2016.

Elastic Beam’s core product, called API Behavioral Security (ABS), understands API transactions and can differentiate what is normal and what is potentially an attack, according to Harguindeguy. The understanding of what is and isn’t normal is done through a combination of machine learning and artificial intelligence technologies built by Elastic Beam. Securing APIs isn’t just about monitoring access, but also about providing security and detection capabilities for the core back-end systems that are providing the API gateways.

“We protect the API login system itself, which is important because hackers will attack systems to gain access,” he said. “The attacker could be an outsider, a botnet or even an insider.”

Harguindeguy noted that commonly with API usage, organizations lose visibility after a user, legitimate or otherwise, gets access. With Elastic Beam, a core feature is API usage visibility, providing tracking for a given API account on usage, deployment and other metrics.

“So we can detect attacks, post-login as well as pre-login,” he said.

An additional layer of protection that Elastic Beam provides is for distributed denial-of-service (DDoS) attacks against APIs. Harguindeguy said DDoS attacks against APIs don’t follow the same patterns as regular web attacks and can be difficult to detect. DDoS attacks against an API isn’t just about overwhelming a target with traffic, but also with other elements such as browser cookies, or overloading API memory.

“We can recognize a whole bunch of different types of DDoS attacks against APIs,” he said. “We can then help our customers sort out the good traffic from the bad.”

Going beyond just detection, Elastic Beam also provides deception with its Decoy API functionality.  With the Decoy API, an organization can set traps for attacker and capture attack information for analysis and reporting. 

From a deployment perspective, Elastic Beam protects both API gateways and management platforms, as well as APIs implemented directly on web application servers such as node.js, Tomcat and WebSphere.

“We’re working with several API management vendors providing a level of security on top of what they provide,” Harguindeguy said. “API gateway vendors tend to stop at access control, and we bring a new layer of security on top that they just don’t have.”

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.