At Salt Security one of our philosophies is to provide solutions that help simplify processes, and save time, rather than introduce additional complexities. This is especially important when it comes to security.
If a product is too difficult to deploy or too complex to use we know that’s a nonstarter for customers. Our integration model is a great example of our philosophy of keeping things simple and saving time and we have many integration options to provide choice and flexibility. This makes it seamless to integrate our solution with your environment and provide API protection as quickly as possible.
One of those integration options is leveraging an existing API gateway, and today we’re proud to announce that we have support for the popular Kong API gateway. With this support you can deploy the Salt Security plug-in on the Kong API gateway with just a few simple configuration steps and in a matter of minutes you’ll be up and running with Salt Security API Protection. Once deployed our plug-in takes a mirror of API traffic running through Kong and sends it to our solution for analysis to give you some big benefits:
The first step in the analysis process is to learn about the APIs in your environment with an end goal of providing you with a comprehensive catalog that includes all of your public, private and partner facing APIs. Since this process is ongoing that catalog is always kept up to date meaning if a new API or API endpoint is introduced into your environment it’s added to the catalog.
In addition to providing that comprehensive catalog we also let you know where your APIs are exposing PII and we can show you that down to the endpoint level. This is an important part of assessing risk when it comes to APIs and data and can also be helpful in meeting requirements for compliance.
As we build the catalog we’re also learning a lot about the activity across your APIs and we do this to establish a baseline of normal behavior. This baseline is the foundation from which we detect malicious activity and enable you to stop attackers during reconnaissance, before attacks are successful.
Another integration point with Kong is to use the platform’s capabilities to block malicious users. When a user is identified by Salt Security as malicious we can alert security teams and leverage a number of methods such as blocking IP addresses or revoking session tokens to stop attacks. We can also automate this process to block malicious users with no needed intervention from security teams. With this approach we’re helping you utilize workflows and enforcement points that already exist in your environment to integrate API protection quickly and with less friction.
If you have Kong deployed in your environment or if you’re interested in our other deployment options check out our website to see how you can add Salt Security and start protecting your APIs today.
Dr. Anton Chuvakin, security advisor at Office of the CISO, Google Cloud, joined our recent API Security Summit. Dr. Chuvakin’s session – co-hosted by Salt Security's Michelle McLean – provided an in-depth discussion on why API security has become a “now” problem.
The monetary growth opportunities promised by APIs are immense, but to harness them, CISOs must ensure the protection of their APIs.
With the industry moving to microservices and API-driven applications, new security threats and attack vectors have emerged. The PCI Security Standards Council has worked to address these threats in its newest PCI DSS 4.0 standard.