By all accounts, the rate of API consumption has exploded. Many changes in modern IT – including cloud-native design, microservices architecture, DevOps practices, and a universal drive towards automation – have resulted in a growing number of APIs to manage for all organizations. Unfortunately, APIs have also become one of the most significant attack vectors as attackers chase a given organization’s crown jewels. APIs serve as the entry point to large volumes of data and sensitive business functionality which make them appealing to all types of attackers. From Salt Security’s State of API Security report, we saw that in 2020 API traffic grew 51%, but malicious API traffic grew 211%.
Salt Security is combining efforts with MuleSoft to bring best-of-breed API security to the market leader in API management and integration, the MuleSoft Anypoint Platform. The combined power of the Salt Security API Protection Platform and the MuleSoft Anypoint Platform fuels a strong API security strategy and can enable you to improve your API security posture for internal, external, and third-party APIs.
MuleSoft is a leader in API management (APIM) and API integration with the Anypoint Platform. With the Anypoint Platform, MuleSoft helps support many organizational business cases and development requirements including:
From the State of API Security report, Salt Security saw that 100% of its customers had WAFs and API Gateways, and yet 100% of those same customers still experienced API attacks.
API gateways provide tremendous value in modern enterprise architecture, namely by helping facilitate API mediation patterns and enforcing API management policies. The combined MuleSoft and Salt offering helps to bolster this value by enhancing the security features of MuleSoft API Manager – capabilities that are more crucial as organizations embrace newer IT initiatives including digital transformation, cloud adoption, and API-first design. Organizations often operate multiple gateways and will often have APIs that are exposed through different mechanisms. As a result, most organizations lack powerful security visibility and protection for their APIs.
Salt Security integrates with, and collects traffic from, a variety of devices in your organization’s enterprise architecture. The Salt platform consolidates this view, providing a unified, full picture of your API portfolio and the relative risk your organization is facing.
The Salt Security API Protection Platform augments the controls available in MuleSoft with the following functionality:
The pairing of the Salt Security API Protection Platform with the MuleSoft Anypoint Platform provides leading API security and API management capabilities, enabling a stronger API security strategy so your organization can:
We’re excited to bring best-in-class API management and API security capabilities in this Salt+MuleSoft partnership! To learn more about API security, subscribe to the MuleSoft blog and the Salt Security blog.
Dr. Anton Chuvakin, security advisor at Office of the CISO, Google Cloud, joined our recent API Security Summit. Dr. Chuvakin’s session – co-hosted by Salt Security's Michelle McLean – provided an in-depth discussion on why API security has become a “now” problem.
The monetary growth opportunities promised by APIs are immense, but to harness them, CISOs must ensure the protection of their APIs.
With the industry moving to microservices and API-driven applications, new security threats and attack vectors have emerged. The PCI Security Standards Council has worked to address these threats in its newest PCI DSS 4.0 standard.