WSO2 and Ping Indentity have partnered to integrate their two products. The open source WS02 API Manager can now integrate with the PingIntelligence API Security Enforcer (ASE) module using an open source extension within the WSO2 API Gateway. The combination delivers the static based security controls of WSO2 API manager and the AI and Machine learning enabled threat detection capabilities of the Ping Intelligence solution. Enterprise Times spoke to Paul Fremantle, Co Founder and CTO from WSO2.
ET asked him what this new partnership brings to the WSO2 product. He answered: “We have a plug in model inside our system. We have plugged in PingIntelligence into that plug in model. For a customer It is a very smooth upgrade to add this in. What that does is bring a whole new level of threat detection and intelligence into the API management.
“We also have a lot of adaptive threat intelligence ourselves but ours does not have the AI focus that Ping intelligence does. What we found was some customers wanted to use Ping with us and that drew us into this partnership.”
Why is this important?
The announcement is timely. There is an increasing trend for hackers to target API’s to access systems and data. A vulnerability highlighted last year was with the Windows task scheduler SchRpcSetSecurity API.
Gartner predicts that, “By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” And policy-based controls won’t be enough to protect enterprises relying on APIs to drive their business.
WS02 was recognised by Forrester as a leader in the API Management Solutions category in its Q4 2018 report. The report stated: “As the only fully open source solution in our Forrester Wave analysis, WSO2 provides good breadth across all evaluation criteria. Particular strengths include formal life-cycle management and non-REST APIs, both of which facilitate mature and disciplined enterprise API strategies.”
The WSO2 solution is not just for developers of API’s. Software vendors are increasingly using API’s to connect to third party solutions. This means that enterprises are themselves building complex API architectures. While the initial implementation work may need developers Fremantle is seeing more customers outside of the development community looking at its solution.
He explained further: “Increasingly companies have a head of API’s – API’s are the digital products of the 21st century. APIs’ are the way that you deliver digital value. That could be driving a phone app, driving a partnership or it could be resold by another person to a third party. Very much part of this is API management. We see the product being bought by developers, but also by the CIO team and by people with a more product focus. How you build a new channel for your products in the digital world.”
What does Ping Intelligence bring
The combination of the two solutions help organisations protect their solutions against a variety of threats. These include:
- The use a of valid user account to reverse engineer the API and breach other accounts to steal data—while looking like a normal user.
- Attacks that use stolen token, cookies, or API keys;
- Attacks on login systems;
- Remote application control;
- Botnets scraping data;
- Data exfiltration;
- API-specific denial of service/distributed denial of service (DoS/DDoS) attacks,
- Other attacks coming from authenticated users.
Bernard Harguindeguy, CTO, Ping Identity commented: “Ping Identity’s alliance with WSO2 extends our commitment to expanding our API security ecosystem. The advanced API security we deliver via PingIntelligence for APIs’ machine learning and artificial intelligence provides a strong complement to WSO2 API Manager in supporting the cybersecurity needs of today’s API-driven enterprises.”
Change of focus for WSO2
WSO2 is unusual in that its is an open source product. It has more than 500 paying customers according to Fremantle and many more using the open source code. Why the new partnership? Fremantle explains his view: “What is interesting about this is the combination of open source and proprietary. What that shows is that demand from customers is just for the right tool to do the job. For us being open source is important but we really feel that we need to compete on the technical merits of the product first, on open source as a kicker rather than the main thing. The fact that this is driven by customers who are using both us and Ping Intelligence demonstrates that we are a a true leader in API management and not just an Open Source leader.”
Does this partnership signal a change of strategy for WSO2 towards more partners? This partnership adds to that announcement last month with Espire. WSO2 now integrates with Espire’s Customer Engagement Hub (CEH) Framework as well. Fremantle answered: “I would say that we are being a bit more open in partnership model. We have done a huge amount of work with SI partners over the last 18 months and that has been incredibly successful for us. That has ramped our business up in Europe and that has driven us to look around a bit more.”
Those SI’s include Capgemini, Inforsys and Accenture as well as some smaller SI’s that are working exclusively with WSO2. Both parties have seen success with WSO2 growing profitably and by around 50% in the last two years. Will there be even more partnership? Fremantle said: “You will probably see more in the next eighteen months”
Enterprise Times: What does this mean
This announcement brings together two leading major players in the industry. This partnership extends the functionality of the Open Source solution increasing the security that organisation need to have in the future.
Ping Identify and WSO2 are also co-hosting a webinar on June 20th where the security threat to API is discussed. They will also share how machine learning and AI enabled solutions can assist in protecting API’s from potential threats.
The solution is available now and no additional feeds above that for using PingIntelligence and WSO2 are required. Existing customers can start using the integration now, therefore, for no additional fee.