Register for our Dec 19th Webinar: Beyond the Perimeter: Achieving Comprehensive API Security

Blog Post

Company

Salt Security + MuleSoft — Supercharge Your API Security Strategy

Michael Isbitski
Apr 1, 2021

By all accounts, the rate of API consumption has exploded. Many changes in modern IT — including cloud-native design, microservices architecture, DevOps practices, and a universal drive towards automation — have resulted in a growing number of APIs to manage for all organizations. Unfortunately, APIs have also become one of the most significant attack vectors as attackers chase a given organization’s crown jewels. APIs serve as the entry point to large volumes of data and sensitive business functionality which make them appealing to all types of attackers. From Salt Security’s State of API Security report, we saw that in 2020 API traffic grew 51%, but malicious API traffic grew 211%.

Salt Security is combining efforts with MuleSoft to bring best-of-breed API security to the market leader in API management and integration, the MuleSoft Anypoint Platform. The combined power of the Salt Security API Protection Platform and the MuleSoft Anypoint Platform fuels a strong API security strategy and can enable you to improve your API security posture for internal, external, and third-party APIs.

Driving business outcomes with MuleSoft

MuleSoft is a leader in API management (APIM) and API integration with the Anypoint Platform. With the Anypoint Platform, MuleSoft helps support many organizational business cases and development requirements including:

  • Application modernization and API mediation patterns such as API façade and back end for front ends
  • Productization of APIs
  • Developer and supplier self-service portals and workflow
  • Unified governance, policy management and access control enforcement for your mediated APIs
  • Visibility and observability over API consumption

How Salt Security enhances API security

From the State of API Security report, Salt Security saw that 100% of its customers had WAFs and API Gateways, and yet 100% of those same customers still experienced API attacks.

API gateways provide tremendous value in modern enterprise architecture, namely by helping facilitate API mediation patterns and enforcing API management policies. The combined MuleSoft and Salt offering helps to bolster this value by enhancing the security features of MuleSoft API Manager — capabilities that are more crucial as organizations embrace newer IT initiatives including digital transformation, cloud adoption, and API-first design. Organizations often operate multiple gateways and will often have APIs that are exposed through different mechanisms. As a result, most organizations lack powerful security visibility and protection for their APIs.

Get the comprehensive list of best practices to guide your API security journey.

Salt Security integrates with, and collects traffic from, a variety of devices in your organization’s enterprise architecture.  The Salt platform consolidates this view, providing a unified, full picture of your API portfolio and the relative risk your organization is facing.

The Salt Security API Protection Platform augments the controls available in MuleSoft with the following functionality:

  • Full context for your APIs and their business logic
  • Continuous API discovery, cataloging, and data classification for internal, external and third-party APIs to uncover potentially sensitive data exposures
  • Detection of attackers in early reconnaissance phases, helping to stop an attack campaign before it results in an incident or breach for your organization
  • Actionable remediation guidance for development and integration teams when API security issues are detected in runtime, including but not limited to the OWASP API Security Top 10
  • API schema analysis and real-time traffic analysis for uncovering the differences between documented and undocumented APIs, as well as detailing undocumented functionality in known APIs
  • Detailed chronology for API call and response anomalies and malicious activity
  • Runtime detection and enforcement
  • Integration with a wide range of on-premises data center, hybrid cloud, and multi-cloud environments

The combined power of Salt Security and MuleSoft

The pairing of the Salt Security API Protection Platform with the MuleSoft Anypoint Platform provides leading API security and API management capabilities, enabling a stronger API security strategy so your organization can:

  • Discover all your APIs, including undocumented functionality and potentially sensitive data exposures
  • Detect and stop attackers that are targeting your Anypoint-managed APIs early in reconnaissance phases to avoid security incidents that can result in brand damage, data exposure, data exfiltration, and regulatory penalties
  • Enhance your API security posture by providing actionable remediation guidance to development and integration teams to correct vulnerabilities in Anypoint
  • Provide granularity on API consumption and invocation, automatically generating baselines and highlighting abnormalities that arise as a result of one-off API attacks and extended attacker campaigns
  • Supercharge existing MuleSoft security controls like IP address allow and deny lists, rate limiting, TLS enforcement, and authentication and authorization

We’re excited to bring best-in-class API management and API security capabilities in this Salt+MuleSoft partnership! To learn more about API security, subscribe to the MuleSoft blog and the Salt Security blog.

If you’re interested in seeing the Salt Security API Protection Platform in action, contact us for a customized demo today!

Tags

Salt Security Blog

Sign up for the Salt Newsletter for the latest resources and blog posts.

December 13, 2024

Michael Callahan
Chief Marketing Officer

Industry

API Security is Not a Problem You Can Solve at the Edge

Edge security is a crucial component of an organization’s defense, but it’s just one piece of the puzzle. Learn why API security requires a broader view.

Read more

November 27, 2024

Eric Schwake
Head of Product Marketing

Industry

Beyond Traditional Security: Addressing the API Security Gap

To safeguard your business from API-specific threats, you need a dedicated solution that offers comprehensive visibility, in-depth contextual analysis, automated governance, robust data protection, and AI-driven threat prevention.

Read more

November 21, 2024

Eric Schwake
Head of Product Marketing

Industry

API (In)security: The Hidden Risk of Black Friday

Learn how, for online retailers, Black Friday represents both a lucrative opportunity and a significant cybersecurity challenge.

Read more

Download this guide for advice on evaluating key capabilities in API Security

Get the guide
Back