Subscribe to the Salt blog

Privacy Policy

Subscribe to our blog.

Subscribe Now

Salt Unveils Enhancements to AI Algorithms for API Security

Stephanie Best
Apr 19, 2023

We’re pleased to share that Salt has extended the capabilities of our powerful AI algorithms, further strengthening the threat detection and API discovery abilities of the Salt Security API Protection Platform. (Check out today’s announcement.) Here at Salt, we always look forward to the RSA Conference, but this year we are doubly excited to attend and showcase these new advanced capabilities!

Salt invests significant resources into the continued innovation of our API security platform. Salt already delivers the industry’s most time-tested AI algorithms for API security. Now we have extended those capabilities with enhancements for API attack detection and more robust API discovery.

By applying learnings from more than five years in the market, Salt can now leverage intelligent insights to dependably detect and block attacker reconnaissance activity at an even deeper level. Using Salt, organizations can now:

  • Better understand user intent to spot malicious activity
  • Differentiate between high- vs. low-severity attacks to focus on the biggest threats
  • Identify the most malicious attack events with a new Rapid Investigation mode in the Salt attacker timeline
  • Gain a more accurate mapping of API endpoints to inventory and understand APIs at scale

Improved user intent detection

How valuable would it be to your organization to know when an API user shows malicious intent? There are many causes for anomalies in API behaviors, but trying to figure out which ones are benign versus real threats can take up a huge amount of your SoC team’s time. Consider the benefits of easily distinguishing API changes from API attacks, for example. Our AI model enhancements make it possible to do just that. By better understanding user intent, Salt helps you reduce your false positive rate, while ensuring accurate detection of true positives.

Ranking of API attack severity

By prioritizing threats, you can focus on and eliminate the ones that present the most danger first. Sounds simple, right? However, to fully understand which API threats present the most danger requires deep and comprehensive insights into user activities over a long period of time – meaning, days, weeks, and even months. By analyzing more than one million anomalous users daily, the Salt cloud-scale data sets can more easily spot different levels of severity for API attacks.

Consider the T-Mobile API breach earlier this year. Although the attack had been going on since November 2022, T-Mobile’s security team only caught the attack in January! With the Salt cloud-scale data set, this type of attack would have surfaced earlier in the Salt API security platform because of our ability to look at overall user activity over a longer period of time. This larger window provides more visibility and intelligence to spot malicious attacker reconnaissance activity.

Rapid Investigation mode in Salt attacker timeline

Our customers frequently tell us how much they like the Salt attacker timeline. As one customer wrote in a review on Gartner Peer Insights:

“The attacker timeline is a great feature because it shows the connected steps a bad actor is using to abuse our system.”

With our new Rapid Investigation mode, the most malicious attack events are now highlighted at the top of the attacker timeline. API attacks show no sign of slowing down – in fact, it’s quite the opposite. The Q1 2023 State of API Security Report found a 400% increase in unique attackers between June and December 2022. By underscoring the most critical threats, Salt helps SoC teams reduce the mean time to resolve (MTTR) API attacks.

Accurate mapping of API endpoints

Also in the latest edition of the State of API Security Report, Salt found that less than one out of five respondents are confident that their API inventories provide enough detail about their APIs and the data within them. Salt is on a mission to change that! With improvements to our AI and ML models, organizations get a more accurate mapping of API endpoints. This is particularly relevant for large enterprise customers by allowing them to use intelligent grouping to effectively track and catalog their APIs at scale.

All of our latest capabilities help address critical API security needs for enterprise organizations, and we are proud to demonstrate them at the RSA Conference. If you’re attending the show, please reach out to us to set up an in-person demo at our booth or drop by – you’ll find us at Booth #1535 South Expo Hall, Moscone. If you can’t make it to RSA this year, you can also contact us to set up a customized demo at another time.

Tags

API Security Strategy
Product Updates
Go back to blog
Introducing Salt Security’s New AI-Powered Knowledge Base Assistant: Pepper!

Introducing Salt Security’s New AI-Powered Knowledge Base Assistant: Pepper!

We are happy to announce the availability of our AI-powered KB assistant, Pepper.

Eric Schwake
April 3, 2024
Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data

Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.

Aviad Carmel
March 13, 2024
Salt Security, API Posture Governance, and the NIST Cybersecurity Framework 2.0

Salt Security, API Posture Governance, and the NIST Cybersecurity Framework 2.0

Salt Security provides an API risk management platform that seamlessly aligns with the updated NIST CSF guidelines.

Eric Schwake
March 8, 2024

Download this guide for advice on evaluating key capabilities in API Security

Learn everything you need to know to keep your APIs secure

We have updated and re-designed our Privacy Policy as of  March 2024 to make it easier to understand how we collect and use your personal data.

Get the guide
Read the new policy
Back