State of API Security Report Q3 2022
Learn more
We support the broadest range of tools and platforms and can integrate across all your application environments to protect your API-driven applications.
Securing APIs With Salt Using Agentless AWS VPC Traffic Mirroring
An overview of API gateways and API security
An overview of WAFs and API security
Amazon Web Services (AWS) offers cloud computing services to individuals, companies, and governments. The Amazon API Gateway is a fully managed service that helps developers create, publish, maintain, and monitor APIs at any scale. The AWS WAF is a web application firewall that helps protect web applications against common web exploits that may affect availability, compromise security, or consume excessive resources.
AWS integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform from AWS virtual private clouds (VPCs), the Amazon API Gateway, and the AWS WAF. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the Amazon API Gateway and the AWS WAF to block an attacker.
An overview of API gateways and API security
Apigee is an API management platform that helps businesses accelerate with APIs. Apigee gives enterprises control over and visibility into the APIs that connect applications and data, across the enterprise and across clouds.
Apigee integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the Apigee platform to block an attacker.
An overview of WAFs and API security
Microsoft Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. The Azure web application firewall (WAF) is delivered from Azure and protects web applications from malicious attacks and common web vulnerabilities, such as SQL injection and cross-site scripting. Azure API Management is an API gateway that is used to manage APIs in Azure, on prem, and in multi cloud deployments.
Microsoft Azure integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform from Azure virtual networks (VNets) and the Azure WAF. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the Azure WAF and Azure API Management to block an attacker.
Blog - CrowdStrike invests in Salt Security
CrowdStrike is the pioneer of cloud-delivered endpoint protection. CrowdStrike Falcon has revolutionized endpoint security by being the first and only solution to unify next-generation antivirus, endpoint detection and response (EDR), and a 24/7 threat hunting service — all delivered via a single lightweight agent.
Salt and CrowdStrike are partnering to bring deep API context to our joint customers. We share a common philosophy that the context derived from rich behavioral analysis at cloud scale is essential to protecting digital assets today. Augmenting the web insights CrowdStrike provides its customers with extensive detail about API vulnerabilities, API exploits, and API testing can improve how our joint customers defend against today’s sophisticated API attacks.
Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, file storage, and YouTube.
GCP integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform from GCP virtual private clouds (VPCs). The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities.
Jira is part of Atlassian, a company that provides software that helps teams organize, plan, communicate, and work collaboratively. Jira helps teams plan track, and release software with support for a variety of use cases, from requirements and test case management to agile software development and bug tracking.
Salt Security integrates with Jira to help security and development teams collaborate and eliminate API vulnerabilities. The Salt platform captures attackers’ reconnaissance efforts as they probe APIs for vulnerabilities. Salt then encapsulates those learnings as Remediation Insights, with the information development teams need to eliminate vulnerabilities. Salt integrates with Jira to route those Remediation Insights to the right development team, bridging the gap between security and dev teams.
An overview of our integration with the Kong API gateway
An overview of API gateways and API security
Kong helps organizations connect APIs and microservices across today’s hybrid and multi-cloud environments. The Kong platform manages and orchestrates microservice APIs and powers trillions of API transactions for leading organizations globally.
Kong integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the Kong platform to block an attacker.
Salt Security Joins the MuleSoft Technology Partner Program
Salt Security + MuleSoft – Supercharge Your API Security Strategy
An overview of API gateways and API security
MuleSoft provides the world’s leading API integration and management platform. MuleSoft makes it easy to connect data from any system – no matter where it resides – to create connected experiences, faster. Thousands of organizations across all types of industries rely on MuleSoft to realize speed, agility, and innovation at scale.
MuleSoft integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the MuleSoft platform to block an attacker.
An overview of API gateways and API security
An overview of WAFs and API security
The NGINX Application Platform helps reduce complexity by consolidating common functions such as web server, load balancer, content cache, web application firewall (WAF), and API gateway into a single piece of software.
NGINX integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the NGINX platform to block an attacker.
Salt Security in the Snowflake Data Marketplace
Snowflake delivers the Data Cloud — a global network where thousands of organizations mobilize data with scale, concurrency, and performance. Inside the Data Cloud, organizations unite their siloed data, easily discover and securely share governed data, and execute diverse analytic workloads. Snowflake delivers a single and seamless experience across multiple public clouds. The Snowflake platform provides access to the Data Cloud, creating a solution for data warehousing, data lakes, data engineering, data science, data application development, and data sharing.
Salt Security integrates with Snowflake to deliver real-time API security incident alerts and attacker data to your Snowflake account. Salt correlates all attack activity from the same user into a consolidated attack timeline. The attack timeline is sent to Snowflake, giving security teams a clear view of an attack's steps and sequence to reduce investigation times and help teams stop attackers in their tracks.
Software AG is the software pioneer of a truly connected world. Since 1969, it has helped 10,000+ organizations use software to connect people, departments, systems and devices. Software AG empowers truly connected enterprises using integration and APIs, IoT and analytics, and business and IT transformation. Software AG’s products establish a fluid flow of data that allows everything and everyone to work together. The company has more than 4,700 employees across more than 70 countries and annual revenue of over €800m, with the aim of exceeding €1bn by 2023.
Salt Security integrates with the Software AG API management platform to enhance API security. The Salt platform discovers APIs that have been released outside the Software AG platform so organizations can improve their API management. Salt also detects API attacks, correlating all attacker activity into a single timeline – it then leverages our integration with the Software AG platform to block attackers before they can reach their objective.
The Splunk platform helps organizations search, analyze, monitor, and visualize the machine-generated data gathered from their websites, applications, sensors, and devices. Splunk makes it possible to use any kind of data for real-world action. Splunk Enterprise Security (Splunk ES) is a security information and event management (SIEM) solution that enables security teams to quickly detect and respond to internal and external attacks, to simplify threat management while minimizing risk, and safeguard businesses.
Salt Security integrates with Splunk to deliver real-time API security incident alerts and attacker data to Splunk SE. Salt correlates all attack activity from the same user into a consolidated attack timeline. Salt sends this attack timeline to Splunk SE, giving security teams a clear view of an attack's steps and sequence to reduce investigation times and help teams stop attackers in their tracks.
Sumo Logic is a cloud-based machine data analytics company focusing on security, operations, and BI use cases. It provides log management and analytics services that leverage machine-generated big data to deliver real-time IT insights. The Sumo Logic Cloud SIEM Enterprise provides security analysts with enhanced visibility to monitor their on-premises, hybrid, and multi-cloud infrastructures and thoroughly understand the impact and context of an attack.
Salt Security integrates with Sumo Logic to deliver real-time API security incident alerts and attacker data to Sumo Logic Cloud SIEM Enterprise. Salt correlates all attack activity from the same user into a consolidated attack timeline. Salt sends the attack timeline to the Sumo Logic platform so security teams get a clear view of an attack's steps and sequence, helping to reduce investigation times and stop attackers in their tracks.
We work with leading channel partners who have deep security, application, cloud, and digital transformation expertise, jointly offering services and solutions that protect all your APIs.
Salt Partner Portal login
AA-Consulting combines over two decades of experience in supplying leading organizations and institutions with reliable, high-quality products and solutions and a keen focus on Africa.
EMEA
Armadillo Managed Services is a cyber security consultancy who works in many different areas of delivering cyber resilience to help deliver business outcomes and support cyber delivery goals. With millions spent each year keeping cyber threat to a minimum, Armadillo supports organisations ensuring they see a return on their current cyber investment, driving technical, operational and business value, Armadillo can support you on a zero-day threat approach, working towards a Zero-Trust strategy.
EMEA
Avansus provides information technology that allows organizations to work properly and safely.
EMEA
Dartalis offers a wide array of services ensuring the protection of clients’ mission critical infrastructure.
EMEA
Cybersecurity experts who put customers back where they belong: First.
N. America
Endemik provide pragmatic, localised and specialised IT Consulting Services in the Sub-Saharan African market.
EMEA
https://endemik.co.za/#contact
GlobalDots makes IT faster by bringing expertise and hot new technologies to enterprise customers all over the world.
EMEA
https://www.globaldots.com/contact-us/
Infinity IT helps organizations work smarter. That means expertise in identifying and implementing appropriate technologies, combined with the ability to support those solutions to create a more secure and productive work environment - Infinity IT provides "Business Continuity."
For this we invest extraordinarily in knowledge and our partners. Together with them we deliver the most smart and innovative solutions to our customers.
From our office in Zoetermeer, the Netherlands, we offer a wide range of products and services; from professional advice and design to sales and delivery, with full implementation services in combination with support and training courses if required. Our approach is characterized by transparency and commitment, where your organization and employees are our focus to accomplish the job.
Ultimately what matters most is customer satisfaction. Our ISO and NEN certifications confirm that Infinity IT meets the highest requirements in the field of quality and information security.
EMEA
Integration Designers offers integration consulting services to companies and governments in the BeNeLux.
At Integration Designers, we help our customers design and build end-to-end integration solutions to meet today's business challenges. A strong focus on both functional and non-functional requirements ensures a scalable, future-proof integration architecture. Within these architectures, the focus on API management and API security has become increasingly important over the past few years.
Our in-depth knowledge of IBM Integration solutions, as well as our close and active working relationship with IBM, brings out the right tools to maximize our customer’s investments.
EMEA
Iris Networks Cloud & Security provide business outcome focussed, enterprise class cyber security solutions with a cost effective, value based approach. We are a specialist division of cyber security experts, that focus on business outcomes and the cyber security requirements that enable businesses of all sizes to operate with the agility, security and governance that they need to thrive while remaining secure and compliant.
EMEA
M3Corp is a distributor of business solutions focused on information security.
S. America
NetNordic is a Nordic system integrator, specialized in the area of secure network, cybersecurity, and secure collaboration. NetNordic deliver customer specialized solutions and services. We always strive to be our customers’ “Best Companion”, we want to help our customers with their digital enablement through design, delivery and management of next generation services and solutions.
EMEA
Optiv partners with organizations to advise, deploy, and operate cybersecurity programs from strategy and managed security services to risk, integration, and technology solutions.
N. America
Presidio is a global digital services and solutions provider accelerating business transformation through secured technology modernization.
N. America
https://www.presidio.com/contact-us/
SLTN devises, builds, and manages sustainable and innovative ICT solutions for organizations in healthcare, financial services, industry, government, and business services.
EMEA
SoftwareONE is a leading global provider of end-to-end software and cloud technology solutions.
EMEA
With spotit you have a reliable partner who thinks along with you to develop a high-performance security and network strategy. We aim to be your trusted advisor and collaborate with you on innovative architectures and cybersecurity implementations that bring a big strategic advantage and useful insights. Protect against the attacks of today, prepare for the threats of tomorrow.
EMEA
Tevora is a specialized management consultancy focused on cybersecurity, risk, and compliance services.
N. America
Virtual Technology Services offers bespoke IT consultancy and support.
Our team works across a wide range of industries delivering reliable and secure technology solutions to help a business achieve its ultimate productivity and growth.
We specialise in aligning IT strategy with your business goals.
EMEA
