Graylog GO logo

Calling All Speakers | Submit Your Topic >>>

From Resurface to Graylog API Security: The Next Chapter

Graylog Acquires API Security from Resurface


When I started Resurface, my core thesis was that web and API security brought unique requirements requiring purpose-built data systems. Using Splunk at scale for API monitoring was/is prohibitively expensive. Using Hadoop or Kafka requires a nerd army to run at any scale. Few data platforms include a mature web or API monitoring model, so this has to be custom-overlaid at significant expense. This approach doesn’t lead to repeatable practices or reasonable ownership costs necessary for security programs to prosper.

The stakes for API security in 2023 are terrifically high. It’s no secret that APIs are a source of growth and risk for many organizations. If implementing an API security program means forging a system from generic data components, then it could be years before that effort sees fruit. That’s a long time for attackers to be pounding away at your APIs. Better to use a purpose-built platform like Resurface to immediately establish more robust security and quality practices and iterate from there without fear of lock-in or having to replace your WAF.

For anybody who knows Graylog, the similarities with Resurface will jump right out. Both are built for a marketplace where the alternatives are more complex and expensive. Both have an open data plane and embrace open standards. Both excel at self-hosted operations where data is kept under first-party control. These foundational qualities make Resurface and Graylog a natural fit in terms of what we’re building and how we see the future of big data systems.

Even though all these similarities exist, you might still wonder about the most significant key difference: if Graylog is built to handle all sorts of log data, and Resurface is built just for API security, does that put the two in opposition? The answer to this question provides another striking example of how the two platforms are similar. Resurface is highly open and customizable, for the same reasons that Graylog is highly open and customizable, to joyously enable “just right” solutions.

As Resurface morphs into Graylog API Security, I’m thrilled to write this next chapter together and for the opportunity to work with the amazing Graylog community

I’d be remiss if I didn’t acknowledge with gratitude that Resurface is the product of years of effort by team members (current and former), investors, partners, advisors, and board members, including Andy Grolnick, who was an investor and board member from the start. Thank you for your support on this incredible and humbling journey 🙌

Get the Monthly Tech Blog Roundup

Subscribe to the latest in log management, security, and all things Graylog blog delivered to your inbox once a month.