Salt partners with Software AG on enhanced API security

Today Software AG shared the news about our joint partnership to improve API security. Salt has developed an integration with the Software AG Web Methods API Gateway to make it easy for our joint customers to augment the API management capabilities of Web Methods with the full lifecycle security capabilities of the Salt Security API Protection Platform.

The Salt Labs State of API Security Report Q1 2022 showed that in the last 12 months, API attack traffic grew 681% while overall API traffic grew 321%. By combining the API management capabilities of Software AG with API security from Salt, customers can get:

• a complete inventory of all APIs, including those deployed in Web Methods and beyond
• an understanding of where APIs are exposing sensitive data
• runtime protection to identify and stop attackers
• pre-production testing of APIs to identify security gaps
• runtime remediation insights to harden APIs

Watch this short video to learn more about how our solution integrates with Software AG webMethods API gateway.

How Salt Security enhances API security

The State of API Security report highlights that 100% of Salt customers had WAFs and API Gateways but they all suffer API attacks that get past those devices. API gateways simply aren’t architected to capture and correlate API traffic over time. That kind of rich context, spanning days, weeks, and months, is essential for identifying API attacks.

Salt leverages the Web Methods platform as an API traffic collection point. It then feeds that traffic into its cloud-scale big data engine, applying AI and ML to baseline what’s “normal” across millions of users and API calls. When the platform identifies an API attack, it sends a command to the Software AG platform to block the attacker, protecting the customer’s vital data and services.

“We are very excited to partner with Salt to better address the growing need for enhanced API security in today’s digital business climate. The Salt Security API Protection Platform secures all APIs by preventing attacks and eliminating API vulnerabilities. Together with Software AG’s API management capabilities, our new partnership with Salt will help organizations discover and better protect their APIs against all types of threats.” – Suraj Kumar, General Manager API, Integration & Microservices for Software AG

The Salt platform integrates with, and collects traffic from, a variety of devices in your organization’s enterprise architecture.  The Salt platform provides:

• Full context for your APIs and their business logic
• Continuous API discovery, cataloging, and data classification for internal, external and third-party APIs to uncover potentially sensitive data exposures
• Detection of attackers in early reconnaissance phases, helping to stop an attack campaign before it results in an incident or breach for your organization
• Actionable remediation guidance for development and integration teams when API security issues are detected in runtime, including but not limited to the OWASP API Security Top 10
• API schema analysis and real-time traffic analysis for uncovering the differences between documented and undocumented APIs, as well as detailing undocumented functionality in known APIs
• Detailed chronology for API call and response anomalies and malicious activity
• Runtime detection and enforcement
• Integration with a wide range of on-premises data center, hybrid cloud, and multi-cloud environments

The advantage of Salt + Software AG

Together, the Salt Security API Protection Platform and the Software AG Web Methods platform combine market-leading API security and API management capabilities, enabling you to:

• Discover all your APIs, including undocumented functionality and potentially sensitive data exposures
• Detect and stop attackers in their reconnaissance phases, avoiding security incidents that can result in brand damage, data exposure, data exfiltration, and regulatory penalties
• Enhance your API security posture by providing actionable remediation guidance to development and integration teams to correct API vulnerabilities
• Provide granularity on API consumption and invocation, automatically generating baselines and highlighting abnormalities that arise as a result of one-off API attacks and extended attacker campaigns

We’re excited to bring best-in-class API management and API security capabilities in this Salt+Software AG partnership. To learn more about API security, subscribe to the Salt Security blog, or request your personalized demo today.