Security Information & Event Management (SIEM) , Security Operations

Graylog Buys API Security Firm Resurface for Added Telemetry

Deal Will Allow Graylog to Offer More Context Around Risk Tied to API-Based Threats
Graylog Buys API Security Firm Resurface for Added Telemetry
Andy Grolnick, CEO, Graylog (Image: Graylog)

Graylog purchased an API security startup founded by a former Dell and Intel software engineer to give its customers broader and more complete threat detection.

See Also: The Ultimate Guide to Threat Detection

The Houston-based SIEM and log management provider said its acquisition of Boulder, Colorado-based will allow companies to conduct threat hunting across the full set of API request response data rather than rely solely on metadata, according to Graylog CEO Andy Grolnick. By obtaining full visibility into data, Grolnick said Resurface can provide more context around what's happening with APIs (see: The Road to Log Management Maturity).

"The digital economy is full of APIs, most of which aren't being monitored from a security perspective," Grolnick told Information Security Media Group. "The right approach to API security is easy to install and implement."

Terms of the acquisition, which closed a few weeks ago, aren't being disclosed. Three Resurface workers joined Graylog, including founder and CTO Rob Dickinson, who will keep leading the API security team as vice president of engineering. Before starting Resurface in May 2019, Dickinson spent over three years as a software architect at Intel and nearly four years as a software engineering manager at Dell.

Freemium Version of Resurface Forthcoming

Grolnick said Resurface's technology will feed alerts into the hub at the security operations center to give customers more context. Resurface alerts will be integrated with non-API-based alerts in the SIEM to provide more fidelity around threats, according to Grolnick. The integration will take place over the next four to six months and will involve delivering alerts to specific security threat detection roles.

Grolnick said Graylog also will release a freemium version of Resurface's API security product in the first half of 2024 to help customers understand what's going on in their environment from an API perspective. The move will align Resurface with the rest of Graylog, which has both an open-source free version and a paid version.

"It helps us get into accounts we might not already be in."
– Andy Grolnick, CEO, Graylog

The initial phase of the integration will focus on bringing the alerts coming in from the Resurface product into the core Graylog SIEM to give SOC analysts a sense of what they should be aware of, Grolnick said. From there, Graylog will integrate the context it receives from customers' Resurface alerts into the core SIEM alerts, according to Grolnick.

"It's easy for a security team to test, trial and discover where their vulnerabilities are from an API perspective and then integrate it into their broader security program," Grolnick said.

How the SOC Benefits From API Telemetry

Adding context from the API side of the house will allow Graylog to provide customers with more clarity and fidelity around the risk associated with a particular threat and give them a way to prioritize threats based on different risk levels so clients know which risks to focus on. Graylog brought on the founder and key developers of the API security tool to drive cross-pollination with the firm's development team.

From a metrics standpoint, Grolnick said, Graylog will track the amount of revenue coming from the Resurface side as well as the volume of cross-sell activity in both directions. Grolnick anticipates the API security product will allow Graylog to become a more strategic partner for existing customers and prospects alike.

"Given the attention being paid to API security, I think the product can be a lead where it helps us get into accounts we might not already be in," Grolnick said.

About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.