Register for our Dec 19th Webinar: Beyond the Perimeter: Achieving Comprehensive API Security

Blog Post

Product

Extending our Lead in API Security — Augmenting our “Shift Left” Features

Michelle McLean
May 12, 2021

As the first company to deliver an API security platform, we here at Salt take enormous pride in our leadership position in this exploding market. We’ve built the best technology, earning the most customers, funding, and accolades along the way, and today we’re excited to share a few ways we’re extending our technical leadership.

Salt is uniquely focused on securing APIs across their full lifecycle — we believe organizations need to both “shift left” and “protect right,” as in RIGHT NOW. You need to get feedback to developers so they can write better APIs that let you stop playing “whack-a-mole,” fixing the same problem in runtime over and over. Keep the balance, though — you don’t want to over-rotate on shift left. We see CISOs looking to put in place protections that stop attackers right now, so no matter what happens in the DevOps processes, the data stays safe. As the CISO of Armis, Curtis Simpson, put it recently, “Improving dev practices is super valuable, but you can’t shift everything left at once. You’re changing the culture along with introducing a bunch of new technology into the pipeline. So with Salt, you get protected right now, and then you can focus on getting developers the remediation insights.”

Get the comprehensive list of best practices to guide your API security journey.

We’re making those insights even stronger with our recent enhancements. We’ve always used the minor successes of hackers doing the probing to learn a company’s APIs as a source of insight into how our customers can harden their APIs — using attackers as pen testers, we call it. In the latest series of updates to the Salt SaaS platform, we’ve added:

  • API security posture insights — the Salt platform identifies potential data leaks or security misconfigurations regardless of whether any hacker has tried to exploit them.
  • OAS comparison and updates — the Salt platform compares your OAS documentation to the APIs and sensitive data we automatically discover, highlighting where reality diverges from developer documentation. We often find customers have 10 times the number of APIs they think they do, and documentation is always missing tons of parameters.
  • automated alerting and OAS documentation — we send real-time alerts whenever the APIs and exposed parameters that we discover are out of synch with your OAS documentation. You can also export the full set of APIs and their exposed data, which we’re constantly discovering and updating, as OAS files you know are accurate and up to date. Such documentation can be super helpful in simplifying compliance.

So check out what Salt can do to keep your data and services protected from API hackers, who’ve figured out it’s well worth their time and resources to go after your APIs! Get a personalized demo, or check out how other customers are tapping the power of the Salt C-3A Context-based API Analysis Architecture to keep their APIs safe.

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

November 27, 2024

Eric Schwake
Head of Product Marketing

Industry

Beyond Traditional Security: Addressing the API Security Gap

To safeguard your business from API-specific threats, you need a dedicated solution that offers comprehensive visibility, in-depth contextual analysis, automated governance, robust data protection, and AI-driven threat prevention.

Read more

November 21, 2024

Eric Schwake
Head of Product Marketing

Industry

API (In)security: The Hidden Risk of Black Friday

Learn how, for online retailers, Black Friday represents both a lucrative opportunity and a significant cybersecurity challenge.

Read more

November 5, 2024

Eric Schwake
Head of Product Marketing

Industry

API Security: The Non-Negotiable for Modern Transportation

Airlines and transportation companies heavily rely on APIs to handle sensitive data, from customer information to payment details and flight schedules. While crucial for efficient operations, these APIs are also prime cyberattack targets.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Get the guide
Back