A while ago I built a Blockchain SIEM(Security Incident and Event Manager -- a log aggregator ) POC (proof of concept) for a big company.
While building the thing, I got to see how this company had built their cybersecurity infrastructure, and saw a hole that I think might exist in other large enterprises -- API security via an API proxy.
After I finished up the SIEM POC, I took a month of "here and there" time and built a proof-of-concept ( it only runs on my box ) to test/prove to myself that an API proxy of this type could work to retroactively patch REST endpoints. ( This idea itself isn't new -- companies like Qualys and Imperva provide a Web Application Firewall that's really a proxy already -- I'm just adding better SIEM integration and distributed rules ).
But I don't know what to do next with it. It's not ready for sale -- it's a proof of concept -- that is, I can show in a debugger that it works as I imagine, and before I sink real time into making it a full sale-ready product, I need to know people would buy it.
I know big companies won't buy it -- because they only buy from big companies ( they want long-term maintenance, something a one-man-band can't provide ). Startups won't have the problem ( they have no Legacy APIs to patch with such a proxy ).
Any ideas -- how do I verify this thing is a product people would buy? How do I get my first alpha test customer for this type of security product?