We here at Salt are excited about today’s announcement unveiling several new capabilities in the Salt Security API Protection Platform. With these enhancements, Salt continues to advance the state of the art in API security; however, even more notable, the new functionality makes it easier than ever before to operationalize API security.
To avoid becoming “shelfware” – the disparaging term for products that get bought but never deployed – security products must be practical to ultimately be effective. Consider the beleaguered security team – too much data, across too many different tech stacks, spanning BUs they only kind of understand, reacting to an ever-changing threat landscape, laid out on a variety of UIs. No wonder security leads routinely identify products that never really got running.
Salt invests heavily in making day-to-day use of our pioneering tech accessible, intuitive, and useful. Today’s new features reinforce that focus across runtime protection, API usage trends, and pre-prod testing. Here’s a little more color on each new capability.
Salt has already pioneered two critical elements for runtime protection of APIs:
Today’s enhancement to the attacker timeline provides more clarity on the sequence of activities, what about the actions triggers it to be labeled an attack, and enhanced analysis capabilities. These improvements make it easier for customers to perform threat hunting, spotting malicious activities faster and more easily. Security teams can also streamline incident response and share enhanced remediation insights with additional details for developers to harden APIs.
Salt is once again first to market with another API security capability – the first support for a visual layout of API call steps. Showing all the steps in a sequence of API calls reveals helpful insights about API usage. Teams can identify unexpected usage patterns that could indicate inefficiencies or other API design flaws, for example. They’ll also see how different services and users are entering API flows, how users are interacting with the APIs, and usage patterns that could indicate misuse of APIs. These types of resource allocation and conformance monitoring will help businesses better optimize their APIs.
Testing APIs for business logic flaws is crucial to strengthening the API security posture of any company. With today’s new functionality, Salt customers will now have the ability to simulate sophisticated API attacks across APIs in runtime, pre-production, and development cycles. Simulations like these more accurately reflect real-world attacks vs. simplified lab-construed, short-lived attacks. Bad actors know what the rudimentary protections provide – to catch their more sophisticated, nuanced, and drawn-out attacks, customers need attack simulation capabilities that are closer to real life. Since already-running APIs present the biggest threat surface, applying such simulations against production APIs reduces the greatest risk. Companies will also want to “shift left” with API security, applying features like API security testing during the build phase, and integration with CI/CD systems, so developers can identify security gaps they need to fix before releasing an API into production.
A big part of “getting it right” with API security revolves around context – Salt knows it’s our burden to build rich context around what’s normal so we can easily spot what’s not. But that kind of context is our responsibility within our platform.
With these enhancements, Salt improves the context our customers have around their APIs in runtime, their API usage, and their business logic flaws. By making those insights more visual, more intuitive, and more comprehensive, we’re making it easier for customers to operationalize API security that fits their people and processes.
If you’d like to see Salt in action, we’d love to share a personalized demo and discuss how we can make it easier for you to operationalize API security.