Learn about the Salt + CrowdStrike Falcon integration

Learn more

Announcing Salt Security Integration With Kong API Gateway

Chris WestphalChris Westphal
Aug 5, 2019

At Salt Security one of our philosophies is to provide solutions that help simplify processes, and save time, rather than introduce additional complexities. This is especially important when it comes to security.

If a product is too difficult to deploy or too complex to use we know that’s a nonstarter for customers. Our integration model is a great example of our philosophy of keeping things simple and saving time and we have many integration options to provide choice and flexibility. This makes it seamless to integrate our solution with your environment and provide API protection as quickly as possible.

Get useful guidance on the future of APIs and learn how to maximize the benefits of APIs while mitigating your risk.

One of those integration options is leveraging an existing API gateway, and today we’re proud to announce that we have support for the popular Kong API gateway. With this support you can deploy the Salt Security plug-in on the Kong API gateway with just a few simple configuration steps and in a matter of minutes you’ll be up and running with Salt Security API Protection. Once deployed our plug-in takes a mirror of API traffic running through Kong and sends it to our solution for analysis to give you some big benefits:

Up To Date Catalog Of Your APIs

The first step in the analysis process is to learn about the APIs in your environment with an end goal of providing you with a comprehensive catalog that includes all of your public, private and partner facing APIs. Since this process is ongoing that catalog is always kept up to date meaning if a new API or API endpoint is introduced into your environment it’s added to the catalog.

Visibility of PII Exposure

In addition to providing that comprehensive catalog we also let you know where your APIs are exposing PII and we can show you that down to the endpoint level. This is an important part of assessing risk when it comes to APIs and data and can also be helpful in meeting requirements for compliance.

Understanding Normal Behavior

As we build the catalog we’re also learning a lot about the activity across your APIs and we do this to establish a baseline of normal behavior. This baseline is the foundation from which we detect malicious activity and enable you to stop attackers during reconnaissance, before attacks are successful.

Blocking Attackers

Another integration point with Kong is to use the platform’s capabilities to block malicious users. When a user is identified by Salt Security as malicious we can alert security teams and leverage a number of methods such as blocking IP addresses or revoking session tokens to stop attacks. We can also automate this process to block malicious users with no needed intervention from security teams. With this approach we’re helping you utilize workflows and enforcement points that already exist in your environment to integrate API protection quickly and with less friction.

If you have Kong deployed in your environment or if you’re interested in our other deployment options check out our website to see how you can add Salt Security and start protecting your APIs today.

Go back to blog

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

Get the guide