Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

Company

90 Days of Learning, Good Surprises and Extreme Optimism

Michael Callahan
Jan 26, 2024

January is often a time for reflection, and setting goals and aspirations for the months and the year ahead. It’s actually my favorite time of the year. For me, this January is especially significant as it marks the end of my first 90 days as Chief Marketing Officer at Salt Security. I, along with the very talented Matt Quarles, joined the company in October to help lead Salt into its next phase of growth supporting our team and co-founders, Roey Eliyahu and Michael Nicosia, on this journey.

There were so many facets of Salt that initially drew me to this position. First and foremost, the world-class team and the culture that has been created and fostered throughout the years (most recently being recognized as an Inc Best Workplace 2023!). As someone who has worked in cybersecurity for over two decades, Salt’s existing brand recognition and leadership in the API security market was also undeniable. With the most robust and time-tested AI algorithms for API security, the company’s value proposition around solving real and meaningful problems were clear, especially as organizations find themselves operating in the most tumultuous cyber environment ever.

Through conversations with my colleagues and Salt customers over the past few months, I’ve developed a deeper understanding of our core value propositions as well as API security pain points, solution gaps in the market, and discovered where opportunities lie as Salt moves into its next stage of maturity. Below are some of my key takeaways.

There is a Very Large and Serious Customer Problem to be Solved

One of the things that was surprising to me was just how big the API security problem is. Since you can’t really see an API, like you might see a laptop or mobile phone, it’s easy to forget about it. But the number of APIs in the world continues to grow, and grow rapidly. Every company is going through some level of digital transformation and app modernization. They are leveraging APIs, microservices and distributed architectures. This change results in an explosion of APIs to connect and make everything work. The visual that comes to mind for me is of this huge semi-transparent monster just over your shoulder waiting to become a problem. Customers don't always know where or how big their own monster is, but it’s there. Many customers are surprised by the difference between what they think they have and what they actually have. Sometimes they underestimate the number of APIs by a factor of 10 or 100. The magnitude of the problem was one of the surprises for me…which leads to my next observation.

Education Still Remains Key

With the volume of APIs dramatically and continually increasing across tech stacks to drive innovation, it comes as no surprise that the number of attacks on APIs are rapidly rising as well. As APIs often give direct access to an organization’s most valued information, attackers are leveraging these as a means to gain access and spy on or steal sensitive data. According to the State of API Security Report Q1 2023, there was a 400% increase in unique API attackers this last year. In 2023, companies such as T-Mobile became the latest victims of API abuse. Our Salt Labs team also uncovered vulnerabilities, now remediated, in household names last year, including Grammarly and Booking.com.

So why are the number of successful API attacks continuing to rise, despite advancements in protective technology? Well, it comes down to education and overall awareness and helping organizations understand the problem, and maybe more importantly how to solve it. As APIs are still a relatively new attack vector, many organizations do not have an accurate understanding of what risk their APIs represent from a business standpoint, where these risks persist, and how these issues can be overcome. But, this is changing, especially as the financial and reputational repercussions become clear. API security has become a C-level discussion and we’re set to see more investment in 2024 than ever before. Salt will be at the forefront of this advancement as we continue to educate the market in meaningful ways.

Our Technology Is Unmatched

As the company that established the API security market in 2016, Salt has created an unrivaled platform that can detect and protect against the most sophisticated API security risks and challenges. Our solution combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. With a patented approach to blocking today's low-and-slow API attacks, only Salt can provide the adaptive intelligence to not only know where a company has APIs but to also protect those APIs. By correlating activities across billions of APIs and users over time, we are the only company able to deliver deep context with real-time analysis and continuous insights into API threats and vulnerabilities.

We also continue to innovate, having just launched the industry’s first API posture governance engine. This new capability helps organizations minimize risk on their API-first journey. By having the ability to author corporate policies (internal or externally based) for API posture, and assess compliance with those policies, along with industry best practices, and regulatory requirements. This ensures that Salt customers are always one step ahead of the threat curve!

Navigating The AI Craze

AI, and maybe Taylor Swift, were the biggest media stories of 2023, and rightfully so. With its perceived benefits, increased efficiency and productivity to name a few, AI has captivated the attention of everyone. From a cybersecurity perspective, many have pondered the risks that it will bring to enterprises and how these can be mitigated. On the Salt side, our team has been diligently sifting through the AI hype to uncover additional areas where our customers may benefit from utilizing AI within our platform. While we’ve heavily leveraged AI and ML since our founding, creating mature algorithms that can accurately assess API behaviors and activity over time, we’re always innovating and adding new capabilities to our platform. At Salt, we utilize AI to allow organizations to quickly and accurately stop API attacks which are often powered by AI-enabled attackers. Our use of AI in our enormous data lake has allowed us to continuously learn and get smarter as new attack tactics and techniques emerge. This level of high fidelity alerts enables our platform to easily and accurately decipher between benign and real API attacks. This is a capability that no other vendor possesses.  

This year, we will continue to monitor the evolution of AI, including Generative AI, to not only find ways to bolster our platform, but also to alert our customers (and indeed the wider industry) about any threats this may cause from an API security perspective.

We Work With The Very Best  

I’ve worked with many talented professionals over the course of my career. Our leadership team here at Salt is unmatched with some of the most experienced executives in the cybersecurity realm. Our leaders have successfully built and scaled organizations in the past and are uniquely positioned to supercharge Salt into a global cybersecurity powerhouse. We’re also extremely fortunate to have support from world-class investors and partners on this journey; Capital G, Falcon Fund (Crowdstrike), S Capital VC, Sequoia Capital, Tenaya Capital and Y Combinator. All of whom have helped fund and build some of the largest technology highflyers across the globe. Their expertise and advice is a pivotal component of our daily success and strong financial positioning.

We’ve also established deep partnerships and integrations with other cybersecurity trailblazers, including Crowdstrike. These partnerships ensure that our customers are provided with the most comprehensive API security offering allowing them to create their own best-in-class security ecosystem.

We’re Transforming Our Approach

As the saying goes, new year, new me, right? Well, in 2024, our team will be launching new campaigns and assets to better support our current and prospective customers throughout the API security lifecycle. We’re always on the hunt for creative ways to communicate our value propositions and messaging, and we have some exciting new developments on the horizon. Over the years, we’ve developed a strong story and have effectively communicated the innovative nature of our technology. And while this is certainly an important facet of every business, we want to ensure that we continue to clearly articulate how we solve the most complex and urgent API security problems for enterprises, especially as threats and attack techniques are changing everyday. Stay tuned and look forward to being impressed.

Customers Trust Us To Solve Complex Issues

Lastly, and one thing I am most proud of is how we are lucky to partner with and help some of the world’s biggest and most complex organizations with their API security. No pressure, right?! That trust is earned each and every day by everyone on our team from sales, support, marketing, customer success, development, product management, finance, and human resources. Our engineers and developers have (and continue to) build very sophisticated, yet easy to use, solutions that help simplify and solve the most complex API security risks and threats. Our customer service team also works diligently to ensure that organizations are supported wherever and whenever needed. This is a key component of our business model that certainly sets us apart from the pack and the customers I’ve spoken with feel like they have a trusted partner to solve their problems. The dedication of the entire Salt team, to ensure our customers are successful, is like none I’ve ever seen before.

Fueled by ample amounts of coffee, I have no doubt that 2024 is set to be a transformative year here at Salt for our customers and partners. No matter what stage of the API security journey you’re in, we’re here to support you.

A great way to learn how we can help is with a customized demo and an in-depth discussion about our offering. You can set that up here and a member of the Salt team will get back with you immediately: https://content.salt.security/demo.html.

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

June 21, 2024

Amanda Fitzsimmons
Head of Legal

Industry

Don't Get Salted: Why API Inventory is Key to PCI DSS 4.0 Compliance (and How Salt Security Can Help You Achieve It)

A secure API ecosystem starts with a clear understanding of what APIs you have and how they interact with your data.

Read more

June 18, 2024

Salt Labs
Research Team

Salt Labs

Increasing API Traffic, Proliferating Attack Activity and Lack of Maturity: Key Findings from Salt Security’s 2024 State of API Security Report

The latest Salt Security State of API Security Report is out now, and we’re thrilled to give a little sneak peek of its contents.

Read more

June 12, 2024

Elad Hoffer
Head of Product R/T Protection

Product

Salt Security Leading the Way in AI-Driven API Security for Next-Generation Threat Protection and Attacker Insights

Learn how the recent introduction of advanced LLM-driven attacker insights further solidifies Salt's position as a leader in API security solutions.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide
Back