APIs power today’s digital economy and enable organizations to succeed in their business innovation efforts. Because every company’s APIs are unique, so are its security gaps, which bad actors will inevitably try to exploit. Only through rich context and deep behavioral analysis can these attackers be stopped.
Many of the APIs that enable today’s applications and business services live and breathe within the Amazon Web Service (AWS) ecosystem. That’s why Salt has expanded its existing relationship with AWS to achieve AWS WAF Ready designation and ensure that our API protection technology integrates seamlessly with AWS WAF to help organizations build stronger API security strategies.
Shortly after Salt become an AWS Ready Partner, Nick Rago, Field CTO at Salt, was joined by Matthew McCarty, Senior Security Consultant at AWS, and Sanchith Kandaka, Senior Edge Specialist Solutions Architect at AWS, for a live webinar to discuss how the Salt API Security Platform and AWS WAF work together to create a best-in-breed API security solution.
API security is a strategy, not a single tool or type of technology. It requires a multidisciplinary approach that recognizes and uses different technologies that all play a role in reducing risk for today’s complex API ecosystem. API gateways, WAFs, SIEM tools, and API posture behavior technology are key tools that are part of today’s security stacks, and companies look for the right capabilities in each of them to effectively protect their APIs.
WAFs, or web application firewalls, are one of the first things organizations think of when building their line of defense against today’s API attackers, and for good reason. They are an important frontline defense against common, pattern-based attack types, such as Denial of Service (DDoS), application vulnerability exploitation, or bot-induced threats.
The AWS WAF threat mitigation capabilities can help protect against common web exploits that may affect service availability, compromise security or consume excessive resources. Although its capabilities are crucial in mitigating cyber risk for businesses, when it comes to API security, WAF rules deal with a static workflow and can’t provide enough context into what a given application or user is doing against a specific API. That’s where a dedicated API security solution can help.
APIs present new application layer security challenges that WAFs are not architected to flush out and protect from:
Only an API security solution that can provide continuous discovery capabilities, runtime threat detection powered by time-tested AI and ML technology that can provide rich context into each API, and remediation insights that can be fed into development teams to help harden production APIs can help companies overcome these challenges and complement WAFs’ pattern-based threat detection capabilities.
When it comes to securing APIs effectively, we know that a multi-tool strategy that integrates WAF and API security intelligence can deliver a more robust outcome. That’s why Salt went through the AWS Ready program to ensure that the Salt API Protection Platform can integrate seamlessly with AWS WAF to stop today’s API attacks with their combined capabilities.
By becoming an AWS WAF Ready Partner, Salt can now help AWS WAF customers worldwide to accelerate the adoption of a holistic API security approach.
The Salt Security API Protection Platform deploys out of band to avoid interference with application performance or availability. Salt offers AWS WAF users a seamless integration that pairs the two technologies to strengthen their discovery, threat detection, and remediation capabilities.
Watch the joint webinar where Salt Security and AWS specialists had an in-depth conversation about how the Salt API security platform and AWS WAF create a best-of-breed solution that provides the context needed to identify and stop API attackers.
To learn more about how can help protect the APIs that power your critical services and data, sign up for a personalized demo.
It’s extremely important to make sure your OAuth implementation is secure. The fix is just one line of code away. We sincerely hope the information shared in our blog post series will help prevent major online breaches and help web service owners better protect their customers and users.
We want to thank our customers, partners and friends for the calls and messages to our team showing your concern and support.