The Real Measure of Security Effectiveness: Operationalizing the Tech

Michelle McLean
Jul 20, 2022

We here at Salt are excited about today’s announcement unveiling several new capabilities in the Salt Security API Protection Platform. With these enhancements, Salt continues to advance the state of the art in API security; even more notably, the new functionality makes it easier than ever before to operationalize API security.

To avoid becoming “shelfware” – the disparaging term for products that get bought but never deployed – security products must be practical to ultimately be effective. Consider the beleaguered security team – too much data, across too many different tech stacks, spanning BUs they only kind of understand, reacting to an ever-changing threat landscape, laid out on a variety of UIs. No wonder security leads routinely identify products that never really got running.

Salt invests heavily in making day-to-day use of our pioneering tech accessible, intuitive, and useful. Today’s new features reinforce that focus across runtime protection, API usage trends, and pre-prod testing. Here’s a little more color on each new capability.

More detailed attacker timelines that simplify threat hunting

Salt has already pioneered two critical elements for runtime protection of APIs:

  • Breadth of data. Salt processes billions of calls, correlating them over time, to effectively detect bad actors. Other API solutions can process activities spanning the past few minutes or maybe hours. Salt knows what every user did across every API over days, weeks, or even months. That’s how you find a really subtle attack like a single-parameter BOLA (a bad actor manipulating just one parameter, detectable solely by knowing the same user submitted a different parameter in previous API calls). Only Salt pairs cloud-scale big data with AI and ML to spot behavioral anomalies drawn out over time.
  • Attacker timeline. Salt takes all that rich context, correlates connected activities, and presents the attack information in a consolidated attacker timeline that generates a single alert.
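The single-parameter BOLA case above comes down to one question: has this user, on this endpoint, ever sent this parameter value before, and how far back does that history go? The following is an added illustration of that correlation, not Salt's code; the access log, user names, endpoint and object IDs are constructed, and the 30-day window and two-call minimum are assumed thresholds, not values from the post.

```python
"""Correlate one user's parameter history across many API calls to surface a
single-parameter BOLA attempt (added example, not Salt platform code)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log: (timestamp, user, method, route, object-id parameter).
# Only one field differs in the suspicious call, which is why a per-request
# rule that sees just the current call cannot catch it.
SAMPLE_LOG = [
    ("2022-07-01T09:00:00", "alice", "GET", "/v1/accounts/{id}", "1001"),
    ("2022-07-02T10:15:00", "alice", "GET", "/v1/accounts/{id}", "1001"),
    ("2022-07-05T11:20:00", "bob",   "GET", "/v1/accounts/{id}", "2002"),
    ("2022-07-14T08:05:00", "alice", "GET", "/v1/accounts/{id}", "1001"),
    ("2022-07-18T16:45:00", "bob",   "GET", "/v1/accounts/{id}", "2002"),
    # Weeks after establishing id 1001, alice requests an id only bob has used.
    ("2022-07-19T17:00:00", "alice", "GET", "/v1/accounts/{id}", "2002"),
    # A first-ever call establishes a baseline; it must not alert on its own.
    ("2022-07-19T17:30:00", "carol", "GET", "/v1/accounts/{id}", "3003"),
    # Too little history to judge: one prior call, then a different id.
    ("2022-07-19T18:00:00", "dave",  "GET", "/v1/accounts/{id}", "4004"),
    ("2022-07-19T18:01:00", "dave",  "GET", "/v1/accounts/{id}", "4005"),
]


def find_parameter_deviations(log, window=timedelta(days=30), min_history=2):
    """Return one alert per call whose parameter value breaks the caller's
    established history on that route. `window` bounds how far back we
    correlate; `min_history` is how many prior calls make a baseline credible.
    Both are assumed tuning knobs for this example."""
    history = defaultdict(list)   # (user, route) -> [(timestamp, value), ...]
    users_of_value = defaultdict(set)  # (route, value) -> users who sent it
    alerts = []
    for ts_str, user, method, route, value in sorted(log):
        ts = datetime.fromisoformat(ts_str)
        key = (user, route)
        # Drop calls that fell out of the correlation window.
        recent = [(t, v) for t, v in history[key] if ts - t <= window]
        baseline = sorted({v for _, v in recent})
        if len(recent) >= min_history and value not in baseline:
            alerts.append({
                "time": ts_str,
                "user": user,
                "route": f"{method} {route}",
                "value": value,
                "baseline": baseline,
                # Context for the analyst: who legitimately used this value?
                "previously_used_by": sorted(users_of_value[(route, value)] - {user}),
            })
        history[key] = recent + [(ts, value)]
        users_of_value[(route, value)].add(user)
    return alerts


if __name__ == "__main__":
    for alert in find_parameter_deviations(SAMPLE_LOG):
        print(alert)
```

The example deliberately declines to alert on carol (no history) and dave (one prior call), since that is where a naive "value changed" rule floods the queue with false positives; the trade-off is that the attacker's first call against a fresh identity is invisible, which is exactly why the correlation window has to be long.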

Today’s enhancement to the attacker timeline provides more clarity on the sequence of activities, on which aspects of those actions caused them to be labeled an attack, and on the available analysis capabilities. These improvements make it easier for customers to perform threat hunting, spotting malicious activities faster and more easily. Security teams can also streamline incident response and share enhanced remediation insights, with additional details, so developers can harden their APIs.

API usage insights with API call sequence visualization

Salt is once again first to market with another API security capability – the first support for a visual layout of API call steps. Showing all the steps in a sequence of API calls reveals helpful insights about API usage. For example, teams can identify unexpected usage patterns that could indicate inefficiencies or other API design flaws. They’ll also see how different services and users are entering API flows, how users are interacting with the APIs, and usage patterns that could indicate misuse of APIs. This kind of resource allocation and conformance monitoring will help businesses better optimize their APIs.
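To make the call-sequence idea concrete, the added example below (not Salt's feature or code) rebuilds the flow from a constructed, session-tagged access log: it counts where sessions enter the API, counts every endpoint-to-endpoint transition, emits the result as a Graphviz DOT graph for visual layout, and flags sessions that reach a step without the step that should precede it. The endpoints, session IDs and the `required_before` ordering rule are all assumptions for the illustration.

```python
"""Derive an API call-flow graph and conformance findings from a session-tagged
access log (added example, not Salt's call-sequence visualization)."""
from collections import Counter, defaultdict

# Constructed sample log: (session id, "METHOD route"), already in time order.
SAMPLE_LOG = [
    ("s1", "POST /login"), ("s1", "GET /cart"), ("s1", "POST /cart/items"), ("s1", "POST /checkout"),
    ("s2", "POST /login"), ("s2", "GET /cart"), ("s2", "POST /cart/items"), ("s2", "POST /checkout"),
    # s3 jumps straight from login to checkout: a design flaw or misuse worth a look.
    ("s3", "POST /login"), ("s3", "POST /checkout"),
    # s4 enters the flow at the cart without logging in first.
    ("s4", "GET /cart"), ("s4", "POST /cart/items"),
]

# Assumed conformance rule: before a session may call the key, it must already
# have called the value at least once earlier in the same session.
REQUIRED_BEFORE = {"POST /checkout": "POST /cart/items", "GET /cart": "POST /login"}


def group_sessions(log):
    """Return {session: [endpoint, ...]} preserving call order."""
    sessions = defaultdict(list)
    for session, endpoint in log:
        sessions[session].append(endpoint)
    return dict(sessions)


def build_flow(sessions):
    """Count entry points and pairwise transitions across all sessions."""
    entries, transitions = Counter(), Counter()
    for seq in sessions.values():
        entries[seq[0]] += 1
        for a, b in zip(seq, seq[1:]):
            transitions[(a, b)] += 1
    return entries, transitions


def find_skipped_steps(sessions, required_before=REQUIRED_BEFORE):
    """Return (session, endpoint, missing prerequisite) for each violation."""
    findings = []
    for session, seq in sessions.items():
        seen = set()
        for endpoint in seq:
            prereq = required_before.get(endpoint)
            if prereq is not None and prereq not in seen:
                findings.append((session, endpoint, prereq))
            seen.add(endpoint)
    return findings


def to_dot(entries, transitions):
    """Render the flow as Graphviz DOT; edge labels carry transition counts."""
    lines = ["digraph api_flow {", '  START [shape=point];']
    for endpoint, n in sorted(entries.items()):
        lines.append(f'  START -> "{endpoint}" [label="{n}"];')
    for (a, b), n in sorted(transitions.items()):
        lines.append(f'  "{a}" -> "{b}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    sessions = group_sessions(SAMPLE_LOG)
    entries, transitions = build_flow(sessions)
    print(to_dot(entries, transitions))
    for finding in find_skipped_steps(sessions):
        print("skipped step:", finding)
```

Piping the DOT output through `dot -Tpng` gives the visual layout; the entry-point counts are the "how users are entering API flows" view, and the skipped-step findings are the conformance signal that turns a pretty graph into something a security team can act on.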

Contextual API security testing

Testing APIs for business logic flaws is crucial to strengthening the API security posture of any company. With today’s new functionality, Salt customers will now have the ability to simulate sophisticated API attacks across APIs in runtime, pre-production, and development cycles. Simulations like these more accurately reflect real-world attacks than simplified, lab-constructed, short-lived attacks do. Bad actors know what the rudimentary protections provide; to catch their more sophisticated, nuanced, and drawn-out attacks, customers need attack simulation capabilities that are closer to real life. Since already-running APIs present the biggest threat surface, applying such simulations against production APIs reduces the greatest risk. Companies will also want to “shift left” with API security, applying features like API security testing during the build phase and integrating with CI/CD systems, so developers can identify security gaps they need to fix before releasing an API into production.

API security requires rich context

A big part of “getting it right” with API security revolves around context – Salt knows it’s our burden to build rich context around what’s normal so we can easily spot what’s not. Building that kind of context is our responsibility within our platform, not the customer’s.

With these enhancements, Salt improves the context our customers have around their APIs in runtime, their API usage, and their business logic flaws. By making those insights more visual, more intuitive, and more comprehensive, we’re making it easier for customers to operationalize API security that fits their people and processes.

If you’d like to see Salt in action, we’d love to share a personalized demo and discuss how we can make it easier for you to operationalize API security.
