APIs foster the collaboration and rapid innovation at the heart of digital transformation. Our API security platform enables these innovators to securely connect their customers and partners to vital data and services.
Proud to be trusted by today's digital leaders
Learn about the Salt + CrowdStrike Falcon integration
Needed protection for the APIs at the core of the Finastra FusionFabric.cloud service to prevent account takeover, compromised applications calling the API, and exploitation of the threats outlined in the OWASP API Security Top 10
Needed to provide regulators with details on where APIs were exposing sensitive data and how APIs were being protected
Key Salt use cases:
Attack prevention: Salt stops attacks targeting the Finastra service, many of which use advanced techniques to evade rate limiting and other protections
Risk reduction: Salt provides insights about potential vulnerabilities and sensitive data exposure that Finastra can share with FinTech partners to help them understand and mitigate risk
Compliance: Salt identifies where APIs are exposing sensitive data to help Finastra meet regulatory requirements
CI/CD integration: Salt ties into Finastra’s dev workflows to avoid vulnerable APIs from launching
With eight robust apps in use plus another four or five under development, Xolv needed a solution that could automatically and continuously discover all its APIs, eliminate blind spots, assess risk, help vet the security posture of the APIs, and protect APIs from attack without throwing false security alerts.
Top use cases for Xolv:
find shadow APIs: Xolv uses Salt to discover its full inventory of APIs and document them, including shadow or unknown APIs, along with the sensitive data they expose. Xolv can also leverage Salt to identify zombie APIs, or APIs that should have been deprecated.
prevent data exfiltration: By leveraging the Salt API Context Engine (ACE) to identify abnormal behavior, the Xolv security team can stop attackers during the early stages of an attempted attack, automate that blocking as desired, and share insights to improve the company’s API security posture.
prevent account misuse/fraud: Xolv can configure the platform to automatically block this type of activity or send alerts with a full attack timeline to incident response teams to analyze the activity and block account misuse.
remediation to write better APIs: Salt provides Xolv with remediation insights derived across build and runtime to help the company’s development teams strengthen API security during the development phase.
API-first focus enabled consolidation across web and mobile apps – required augmentation of “classic security” WAF and bot management tools
Needed context into API activity to understand how customers were using apps and to differentiate between good and bad behavior to stop attacks
Key DeinDeal use cases:
Dynamic API discovery: Salt provides DeinDeal with an updated inventory of all its APIs and exposed sensitive data
Attack prevention: DeinDeal is constantly updating its website by changing APIs, and Salt automatically blocks any attacker attempting to abuse a vulnerability
Remediation insights: Salt provides details about API vulnerabilities that DeinDeal developers can use to improve API security posture
APIs enable each customer to have a unique experience and use any FinTech tool they want
Depending on tools like WAFs didn’t solve the API problem - it couldn’t scale and it could not detect API attacks targeting the bank’s Internet-facing mobile app
Key Fortune 500 Bank use cases:
Full API discovery: Salt gives the bank’s teams a full and continuously updated inventory of all its APIs and the sensitive data they expose
Attack prevention: protecting its customers’ financial data is critical to the bank, and Salt finds and stops attackers before they can succeed with account misuse or data exfiltration
Remediation insights: Salt helps the bank’s developers focus on new functionality by providing details on API vulnerabilities they can implement quickly to harden their APIs
Learn what “good” looks like in an API security platform
Learn everything you need to know to keep your APIs secure