Protecting the innovators

Key Ally challenges:

• Business-critical API-based services required protection that WAFs, bot mitigation tools, and API gateways could not provide
  

Key Salt use cases:

• Attack prevention: Salt identifies and stops attacks missed by the company’s WAF and API gateway including the threats defined in the OWASP API Security Top 10
• Remediation insights: Salt creates remediation insights based on identified attack activity that dev teams use to eliminate API vulnerabilities and improve security
• Compliance: Salt identifies Zombie and Shadow APIs as well as exposure of sensitive data such as PII

Resources

• Video
• Blog post
• Press release

Key TripActions challenges:

• COVID-19 forced rapid platform adjustments and enhancements that spurred more use of APIs
• The company needed automated API discovery to stay ahead of agile development
• Business operations needed insights into API usage patterns

Key Salt use cases:

• Discover all APIs: Only Salt automatically and continuously discovers all APIs, capturing granular details to eliminate blind spots, assess risk, and keep APIs protected even as the environment evolves and changes.
• Prevent sensitive data exposure: Only Salt details each instance of exposed sensitive data, across all your APIs, to reduce your risk. Salt helps TripActions identify where APIs could expose sensitive data and see how customers and employees are using APIs
• Stop API attacks: Only Salt uses big data and patented artificial intelligence (AI) to analyze and correlate the activity of millions of users in parallel to identify and stop attacks early. Salt helps TripActions validate the pen testing activities of its internal testers and bug bounty program.

Resources:

• Blog Post

Key Finastra challenges:

• Needed protection for the APIs at the core of the Finastra FusionFabric.cloud service to prevent account takeover, compromised applications calling the API, and exploitation of the threats outlined in the OWASP API Security Top 10
• Needed to provide regulators with details on where APIs were exposing sensitive data and how APIs were being protected
  

Key Salt use cases:

• Attack prevention: Salt stops attacks targeting the Finastra service, many of which use advanced techniques to evade rate limiting and other protections
• Risk reduction: Salt provides insights about potential vulnerabilities and sensitive data exposure that Finastra can share with FinTech partners to help them understand and mitigate risk
• Compliance: Salt identifies where APIs are exposing sensitive data to help Finastra meet regulatory requirements
• CI/CD integration: Salt ties into Finastra’s dev workflows to avoid vulnerable APIs from launching
  

Resources:

• Video
• Blog Post
• Case Study
• ‍Press Release

Key Armis challenges:

• COVID increased API creation 10 fold and developers could no longer manually document and test each new API.
• Fast API rollout left API parameters and exposed sensitive data undocumented.

Key Salt use cases:

• Attack prevention: Salt provides runtime protection by identifying and stopping attacks targeting APIs
• Dynamic API discovery: Salt automatically and continuously inventories all APIs as they are released or changed weekly and alerts on changes to where APIs expose sensitive data.
• Remediation insights: Armis dev teams receive insights from the Salt solution with details about how APIs can be strengthened.
• Compliance: Armis leverages the dynamic reporting in Salt for compliance audits and to demonstrate FedRAMP adherence.
  

Resources:

• Video

Key AppsFlyer challenges:

• Needed to detect and prevent attacks targeting the unique logic of the APIs at the core of its service
• Found that next-generation WAFs and bot mitigation solutions were not able to address the company’s requirements for API security
  

Key Salt use cases:

• Granular visibility: Salt provides automated discovery and granular details for all AppsFlyer APIs to enable a better understanding of the attack surface and risk
• Continuous discovery: Salt provides insight into when dev teams roll out new APIs so the security team has a full inventory
• Attack detection: Salt continuously monitors APIs in production and alerts on malicious activity so AppsFlyer can stop attackers before they succeed 
• Attack prevention: Salt consolidated alerts provide the entire attacker timeline and give SOC teams context to take action quickly
• Remediation insights: Salt provides dev teams with insights to identify and eliminate potential vulnerabilities and make APIs more secure, before they’re launched into production use
  

Resources:

• Blog Post
• Case Study
• Press Release

Key Challenges: 

With eight robust apps in use plus another four or five under development, Xolv needed a solution that could automatically and continuously discover all its APIs, eliminate blind spots, assess risk, help vet the security posture of the APIs, and protect APIs from attack without throwing false security alerts.

Top use cases for Xolv:

• find shadow APIs: Xolv uses Salt to discover its full inventory of APIs and document them, including shadow or unknown APIs, along with the sensitive data they expose. Xolv can also leverage Salt to identify zombie APIs, or APIs that should have been deprecated.
• prevent data exfiltration: By leveraging the Salt API Context Engine (ACE) to identify abnormal behavior, the Xolv security team can stop attackers during the early stages of an attempted attack, automate that blocking as desired, and share insights to improve the company’s API security posture.
• prevent account misuse/fraud: Xolv can configure the platform to automatically block this type of activity or send alerts with a full attack timeline to incident response teams to analyze the activity and block account misuse.
• remediation to write better APIs: Salt provides Xolv with remediation insights derived across build and runtime to help the company’s development teams strengthen API security during the development phase.

Resources:

• Blog Post
• Case Study
• Press Release

Key DeinDeal challenges:

• API-first focus enabled consolidation across web and mobile apps – required augmentation of “classic security” WAF and bot management tools
• Needed context into API activity to understand how customers were using apps and to differentiate between good and bad behavior to stop attacks

Key DeinDeal use cases:

• Dynamic API discovery: Salt provides DeinDeal with an updated inventory of all its APIs and exposed sensitive data
• Attack prevention: DeinDeal is constantly updating its website by changing APIs, and Salt automatically blocks any attacker attempting to abuse a vulnerability
• Remediation insights: Salt provides details about API vulnerabilities that DeinDeal developers can use to improve API security posture

Resources:

• ‍Case Study

Key Fortune 500 Bank challenges:

• APIs enable each customer to have a unique experience and use any FinTech tool they want
• Depending on tools like WAFs didn’t solve the API problem - it couldn’t scale and it could not detect API attacks targeting the bank’s Internet-facing mobile app
  

Key Fortune 500 Bank use cases:

• Full API discovery: Salt gives the bank’s teams a full and continuously updated inventory of all its APIs and the sensitive data they expose
• Attack prevention: protecting its customers’ financial data is critical to the bank, and Salt finds and stops attackers before they can succeed with account misuse or data exfiltration
• Remediation insights: Salt helps the bank’s developers focus on new functionality by providing details on API vulnerabilities they can implement quickly to harden their APIs