Subscribe to our blog.
Subscribe Now
The only dedicated API Security Platform to achieve the AWS Security Competency as a qualified software partner
Why do you need a dedicated API security solution even on a leading cloud platform like AWS?
APIs recently became the main cybersecurity threat vector, with global enterprise data breaches impacting hundreds of millions of customer records.
Due to the nature of typical API attacks — low-and-slow — and the architectural limitations of API gateways and WAFs, traditional protections are not able to prevent API breaches without understanding the context, including business logic.
As such, no native AWS service on its own is able to provide complete visibility and protection of the entire API lifecycle.
Because threats to APIs are significantly different when compared to what we’ll classify as traditional applications, an API-specific security risks list was released in 2019 — and recently updated in 2023 with significant contribution from Salt's experts.
Salt's API Protection Platform is able to protect against all of the OWASP API Security Top 10 threats!
Salt can trigger the web application firewall service to block API attack sources automatically, even in the early reconnaissance phase
Tapping into the REST and HTTP API traffic — through the AWS Lambda native extension with minimal latency and overhead
Using VPC Traffic Mirroring to capture unencrypted traffic, while Application Load Balancer of ELB can mirror encrypted traffic
Salt Sensor and Hybrid Server support a broad selection of compute services including EC2, EKS, ECS and Fargate
Throughout the API lifecycle, you will be developing and deploying your APIs in your cloud native environment. Salt is able to tap into the API traffic through the services listed below. The API requests-responses will be then sent for analysis in our SaaS platform, directly or after sanitization through our Hybrid server deployed on AWS.
An accelerated procurement and provisioning process through the AWS Marketplace allows you to decrease your “Time to full API Protection”. If you have EDP/PPA agreement with AWS as an enterprise customer, your contracted cloud budget can be allocated to the Salt solution through the Marketplace. Private Offers are available for custom multi-year enterprise agreements.
We decided to build our SaaS on AWS, due to its inherent high-level security, compliance and broad adoption. AWS is collaborating with cybersecurity companies like Salt to integrate and deploy their solution hand-in-hand.
Salt’s solution architects and field engineers are highly experienced and certified for AWS technologies, being able to quickly deploy API protection in complex multi-AZ, multi-VPC, multi-account environments.
