Salt is Leading the Pack in API Security

As the great Vince Lombardi once said, “Leaders aren't born, they are made. And they are made just like anything else, through hard work.” 

Hard work is exactly why Salt is an Overall Leader in the latest KuppingerCole API Management and Security Leadership Compass and why we stand out among the pack of 20 vendors that range from well-established big-names to new entrants in the market. According to the author Alexei Balaganski, all 20 claim to provide at least some API security capabilities, but despite their claims, Salt is a leader, and here’s why.‍

Focus is critical

While all vendors covered in the Leadership Compass claim some level of API security capabilities, for most, the main focus remains on API management. Security in these platforms includes authentication, authorization, encryption, and rate-limiting - all foundational but not enough to protect against top API threats.

The market is quickly coming to terms with the need for focused solutions that protect APIs beyond the basic capabilities. One sign of enlightenment is Gartner’s latest report, Advance Your Platform-as-a-Service Security, highlighting API security as a new, distinct pillar in their updated reference architecture. 

The new API Security pillar sits among Control Plane Security, Data Plane Security, and Internet Edge Security, a category that includes traditional tools such as WAFs, WAAPs, and API gateways - clearly highlighting that these tools fall short of protecting APIs and focused solutions are needed. You can read more about Gartner’s latest reference architecture and what it means for API security in our blog here.

What makes a leader

In short, it’s our hard work, laser focus on API security, track record of innovation, and our growing customer base. More specifically, as Alexei writes, Salt stands out for:

A strong focus on runtime protection

‍We’ve been focused on runtime protection from day one, seeing that pre-production efforts and existing app security tools weren’t enough to protect APIs. We took a new look at the problem, built a platform based on big data, AI, and ML, and got a patent for our approach to identifying and preventing malicious API attacks.

No signatures, configuration, or training

‍Each API is unique, and so are its vulnerabilities meaning that signatures are irrelevant. Relying on configuration or training is an approach that can’t keep up with rapid API changes. Automation is the only way, and our approach based on continuous analysis of API traffic gives our platform an understanding of each API’s unique behavior and the context needed to pinpoint attackers and stop attacks.

Automatic and continuous discovery

‍We all know you can’t protect what you can’t see. By analyzing API traffic, Salt discovers all your APIs, including the unknown ones (shadow and zombie), uncovers the granular details, highlights sensitive data exposure, alerts to changes, and maintains an API catalog. With Salt Discovery, you always have an up-to-date view of your attack surface and an accurate understanding of risk.

Security across the full API lifecycle

‍Runtime protection is essential, but without eliminating vulnerabilities, you’re stuck playing a virtual game of whack-a-mole. That’s why we turn attackers into penetration testers, learning from their actions as they probe your APIs and sending insights to dev teams for quick remediation of gaps. We also help identify gaps early in the dev cycle, enabling developers to harden APIs before release.