The Graylog blog

Announcing Graylog API Security v3.6

Graylog API Security v3.6 is here!

Just taking the version number by itself, v3.6 sounds like an incremental step forward. But the truth is that v3.6 isn’t just a release milestone; it’s a huge inflection point in our mission to improve API security. There are multiple “firsts” in v3.6, which makes the total combination even more exciting.

Many organizations report a lack of visibility into their APIs as their biggest obstacle to improving API security. We took this challenge to heart, and v3.6 is our first release to feature API discovery, domain classification, and risk-scoring capabilities. This was the result of months of conversations with API experts, industry analysts, and security gurus to understand the pain points around discovery. This even caused a crisis of confidence when we found that top experts in this field disagreed about how APIs should be defined for the purpose of counting them. We presented these findings at Graylog GO and API Days and got even more feedback to calibrate our approach. v3.6 implements API discovery without being burdensome to configure or administer, and requires only common knowledge about what API domains should be supported and what domains are not supposed to be used. v3.6 also includes risk scoring and risk summarization as part of API discovery, to automatically highlight where risk remediation efforts will have the greatest impact. There’s more to come around API discovery, but we think v3.6 hits the sweet spot between being easy and informative.

v3.6 is our first release with a first-node-is-free offer. We want to make it easy to do evaluations, and we’re proponents of land-and-expand installations, whether that’s focusing on the most important APIs first, the most problematic APIs first, or just basic discovery to start. Having a free offering also aligns with our larger mission to help everyone improve their API security posture. We believe every API provider needs these capabilities, and so we’re excited to make this technology more readily available.

Under the hood, v3.6 is our first Kubernetes-first and Iceberg-first release. In previous releases, we supported deploying with or without Kubernetes and with or without Iceberg, which meant extra complexity and extra effort for everyone. v3.6 uses an optimized set of Iceberg-capable containers (whereas v3.5 has 6 container images, v3.6 has only two). We’re dropping official support for Docker installations in v3.6, which allowed us to streamline documentation and automation with Kubernetes in mind. What hasn’t changed is that v3.6 still relies on Trino, Iceberg, and our open data plane. Iceberg integration is still completely seamless, and queries against Iceberg are 50-75% faster than in v3.5. We’re excited to be working at the frontier of using Iceberg for security data and continuing to give back to the Trino community.

Last but not least, v3.6 is our first release as part of Graylog. The experience of integrating the Resurface product team into the larger Graylog team has been overwhelmingly positive, and the opportunity to craft a “better together” story is exciting. This v3.6 release is just the first chapter in this story, and there’s lots more to come in 2024.
