API Security Best Practices

Read the guide

Salt is Leading the Pack in API Security

Chris Westphal
Sep 13, 2021

As the great Vince Lombardi once said, “Leaders aren't born, they are made. And they are made just like anything else, through hard work.” 

Hard work is exactly why Salt is an Overall Leader in the latest KuppingerCole API Management and Security Leadership Compass and why we stand out among the pack of 20 vendors that range from well-established big-names to new entrants in the market. According to the author Alexei Balaganski, all 20 claim to provide at least some API security capabilities, but despite their claims, Salt is a leader, and here’s why.

Focus is critical

While all vendors covered in the Leadership Compass claim some level of API security capabilities, for most, the main focus remains on API management. Security in these platforms includes authentication, authorization, encryption, and rate-limiting - all foundational but not enough to protect against top API threats.

The market is quickly coming to terms with the need for focused solutions that protect APIs beyond the basic capabilities. One sign of enlightenment is Gartner’s latest report, Advance Your Platform-as-a-Service Security, highlighting API security as a new, distinct pillar in their updated reference architecture. 

The new API Security pillar sits among Control Plane Security, Data Plane Security, and Internet Edge Security, a category that includes traditional tools such as WAFs, WAAPs, and API gateways - clearly highlighting that these tools fall short of protecting APIs and focused solutions are needed. You can read more about Gartner’s latest reference architecture and what it means for API security in our blog here.

What makes a leader

In short, it’s our hard work, laser focus on API security, track record of innovation, and our growing customer base. More specifically, as Alexei writes, Salt stands out for:

A strong focus on runtime protection

We’ve been focused on runtime protection from day one, seeing that pre-production efforts and existing app security tools weren’t enough to protect APIs. We took a new look at the problem, built a platform based on big data, AI, and ML, and got a patent for our approach to identifying and preventing malicious API attacks.

No signatures, configuration, or training

Each API is unique, and so are its vulnerabilities meaning that signatures are irrelevant. Relying on configuration or training is an approach that can’t keep up with rapid API changes. Automation is the only way, and our approach based on continuous analysis of API traffic gives our platform an understanding of each API’s unique behavior and the context needed to pinpoint attackers and stop attacks.

Automatic and continuous discovery

We all know you can’t protect what you can’t see. By analyzing API traffic, Salt discovers all your APIs, including the unknown ones (shadow and zombie), uncovers the granular details, highlights sensitive data exposure, alerts to changes, and maintains an API catalog. With Salt Discovery, you always have an up-to-date view of your attack surface and an accurate understanding of risk.

Security across the full API lifecycle

Runtime protection is essential, but without eliminating vulnerabilities, you’re stuck playing a virtual game of whack-a-mole. That’s why we turn attackers into penetration testers, learning from their actions as they probe your APIs and sending insights to dev teams for quick remediation of gaps. We also help identify gaps early in the dev cycle, enabling developers to harden APIs before release.

Learn how app architecture and attack surfaces are changing, how app security needs to evolve, and how to empower security.

Customers say it all


Another area where Salt leads is in the Market category that looks at customers and product adoption. Not only are we the only pure-play API security vendor in this leader category, we’re also among big-name vendors with arguably a strong market presence. Our leadership here reflects our hard work and traction in the market and reinforces the previous point highlighting the need for focused API security solutions. 

A leader any way you slice it


Looking at multiple criteria is another way the report evaluates vendors. The view above combines the Market and Product categories showing how each vendor stacks up with market penetration and product capabilities. Salt sits above the line as an "overperformer," while vendors below lack customer adoption and platform features. 

Why focus matters

Salt leads the pack again in the combined view of Market and Innovation. Although we’re not above the line with other well-known vendors, it’s our customer traction and continued innovation in our product that makes us stand out. With API security being a rapidly evolving market segment, innovation is critical to meet emerging challenges and ensure the best protection possible.

We’re honored to be recognized by Alexei and the KuppingerCole team in this report for our hard work and leadership in API security. If you want to learn more about the Salt solution, why we were a leader in API security, and how to protect the APIs critical to your business, connect with us for a personalized demo.

Go back to blog