Subscribe to the Salt blog to learn about the latest developments in API Security

Blog Post

Berkshire Bank Banks on Salt for API Protection

Michelle McLean
Jun 1, 2022

It’s cool to win banks as customers – it’s even more cool when they go public with the news!

We’re proud to share this news, given how essential security is to financial institutions. The combination of working under extensive regulations and the criticality of protecting customers’ sensitive financial data sets the bar for security pretty high.

I especially enjoyed my conversation with Ryan Melle, SVP and CISO at Berkshire Bank. He’s a pragmatist, and he gets things done quickly. As with so many banks, Berkshire Bank is leveraging APIs to build a broader ecosystem with FinTechs and innovate fast. This skyrocketing use of APIs comes with a price.

“We’re seeing an increase in the number of API transactions, but we’re also seeing an increase in API attacks. We have to keep our data secure and our regulators happy, and we can’t get in the way of digital transformation – Salt fits right into that,” said Melle.

Because traditional solutions, such as web application firewalls (WAFs) and API gateways, lack the ability to correlate API activity over time, they can’t adequately protect this expanding attack surface. Bad actors have to probe APIs to understand the business logic and look for vulnerabilities. This reconnaissance means API attacks are  low and slow, and API security solutions must be able to spot this behavior as it occurs and before the bad actors achieve their targets.

Just as WAFs can’t correlate traffic over time, VM- or server-based API security solutions also fall short, lacking the scope of data and real-time analysis needed to build context to spot API attacks. Only cloud-scale big data, with sophisticated ML and AI doing real-time analysis yields the context needed to identify API attacks, which often unfold over days, weeks, and even months.

Berkshire Bank is tapping the Salt Security patented API Context Engine (ACE) architecture to get a full inventory of its APIs, perform API design analysis, ensure data protection by evaluating all traffic leaving the bank, and deliver runtime protection to stop API attacks.

According to Ryan,

“We considered other solutions, but they didn’t provide the range of capabilities we needed – we found the Salt architecture to be unique. The Salt system got stood up in a day, so it’s been simple operationally too.”

With Salt Security, Berkshire Bank can protect its APIs from account takeover (ATO) and ensure the safety of their services. Read more about how Berkshire Bank uses the Salt API security platform in this case study.

We love creating joint customer success stories like this one. How can we help you make your APIs attack proof and accelerate innovation? Feel free to contact us or request a customized demo.


Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

July 16, 2024

Eric Schwake
Head of Product Marketing


The Biggest Factors Influencing API Security Today

Several key factors are driving the current state of API security, including the rise of AI, the ongoing digital transformation, a booming app economy, and the challenges posed by shadow IT and regulatory compliance.

Read more

July 9, 2024

Eric Schwake
Head of Product Marketing


Salt Security Empowers API Governance with New Posture Policies Hub

Salt Security's Posture Policies Hub is a powerful new tool designed to help organizations simplify and streamline API posture governance.

Read more

June 21, 2024

Amanda Fitzsimmons
Head of Legal


Don't Get Salted: Why API Inventory is Key to PCI DSS 4.0 Compliance (and How Salt Security Can Help You Achieve It)

A secure API ecosystem starts with a clear understanding of what APIs you have and how they interact with your data.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Get the guide