API Security Best Practices
Read the guide
Amazon Web Services (AWS) offers cloud computing services to individuals, companies, and governments. The Amazon API Gateway is a fully managed service that helps developers create, publish, maintain, and monitor APIs at any scale. The AWS WAF is a web application firewall that helps protect web applications against common web exploits that may affect availability, compromise security, or consume excessive resources.
AWS integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform from AWS virtual private clouds (VPCs), the Amazon API Gateway, and the AWS WAF. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the Amazon API Gateway and the AWS WAF to block an attacker.
Securing APIs With Salt Using Agentless AWS VPC Traffic Mirroring
Apigee is an API management platform that helps businesses accelerate with APIs. Apigee gives enterprises control over and visibility into the APIs that connect applications and data, across the enterprise and across clouds.
Apigee integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the Apigee platform to block an attacker.
Microsoft Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. The Azure web application firewall (WAF) is delivered from Azure and protects web applications from malicious attacks and common web vulnerabilities, such as SQL injection and cross-site scripting. Azure API Management is an API gateway that is used to manage APIs in Azure, on prem, and in multi cloud deployments.
Microsoft Azure integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform from Azure virtual networks (VNets) and the Azure WAF. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the Azure WAF and Azure API Management to block an attacker.
An overview of WAFs and API security
Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, file storage, and YouTube.
GCP integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform from GCP virtual private clouds (VPCs). The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities.
Jira is part of Atlassian, a company that provides software that helps teams organize, plan, communicate, and work collaboratively. Jira helps teams plan track, and release software with support for a variety of use cases, from requirements and test case management to agile software development and bug tracking.
Salt Security integrates with Jira to help security and development teams collaborate and eliminate API vulnerabilities. The Salt platform captures attackers’ reconnaissance efforts as they probe APIs for vulnerabilities. Salt then encapsulates those learnings as Remediation Insights, with the information development teams need to eliminate vulnerabilities. Salt integrates with Jira to route those Remediation Insights to the right development team, bridging the gap between security and dev teams.
Kong helps organizations connect APIs and microservices across today’s hybrid and multi-cloud environments. The Kong platform manages and orchestrates microservice APIs and powers trillions of API transactions for leading organizations globally.
Kong integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic, Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the Kong platform to block an attacker.
An overview of our integration with the Kong API gateway
An overview of API gateways and API security
MuleSoft provides the world’s leading API integration and management platform. MuleSoft makes it easy to connect data from any system – no matter where it resides – to create connected experiences, faster. Thousands of organizations across all types of industries rely on MuleSoft to realize speed, agility, and innovation at scale.
MuleSoft integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the MuleSoft platform to block an attacker.
Salt Security Joins the MuleSoft Technology Partner Program
Salt Security + MuleSoft – Supercharge Your API Security Strategy
An overview of API gateways and API security
The NGINX Application Platform helps reduce complexity by consolidating common functions such as web server, load balancer, content cache, web application firewall (WAF), and API gateway into a single piece of software.
NGINX integrates with Salt to mirror a copy of API traffic to the Salt API Protection Platform. The Salt platform uses big data and patented artificial intelligence (AI) to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each user or entity, including aspects such as consistency of parameter input, frequency of requests, volume of response, and devices or addresses typically used. Through continuous analysis of API traffic Salt provides real-time discovery of APIs, protection against threats, and insights to aid in the remediation of vulnerabilities. The Salt platform can also send enforcement commands to the NGINX platform to block an attacker.
An overview of API gateways and API security
An overview of WAFs and API security
Snowflake delivers the Data Cloud — a global network where thousands of organizations mobilize data with scale, concurrency, and performance. Inside the Data Cloud, organizations unite their siloed data, easily discover and securely share governed data, and execute diverse analytic workloads. Snowflake delivers a single and seamless experience across multiple public clouds. The Snowflake platform provides access to the Data Cloud, creating a solution for data warehousing, data lakes, data engineering, data science, data application development, and data sharing.
Salt Security integrates with Snowflake to deliver real-time API security incident alerts and attacker data to your Snowflake account. Salt correlates all attack activity from the same user into a consolidated attack timeline. The attack timeline is sent to Snowflake, giving security teams a clear view of an attack's steps and sequence to reduce investigation times and help teams stop attackers in their tracks.
Salt Security in the Snowflake Data Marketplace
The Splunk platform helps organizations search, analyze, monitor, and visualize the machine-generated data gathered from their websites, applications, sensors, and devices. Splunk makes it possible to use any kind of data for real-world action. Splunk Enterprise Security (Splunk ES) is a security information and event management (SIEM) solution that enables security teams to quickly detect and respond to internal and external attacks, to simplify threat management while minimizing risk, and safeguard businesses.
Salt Security integrates with Splunk to deliver real-time API security incident alerts and attacker data to Splunk SE. Salt correlates all attack activity from the same user into a consolidated attack timeline. Salt sends this attack timeline to Splunk SE, giving security teams a clear view of an attack's steps and sequence to reduce investigation times and help teams stop attackers in their tracks.
Sumo Logic is a cloud-based machine data analytics company focusing on security, operations, and BI use cases. It provides log management and analytics services that leverage machine-generated big data to deliver real-time IT insights. The Sumo Logic Cloud SIEM Enterprise provides security analysts with enhanced visibility to monitor their on-premises, hybrid, and multi-cloud infrastructures and thoroughly understand the impact and context of an attack.
Salt Security integrates with Sumo Logic to deliver real-time API security incident alerts and attacker data to Sumo Logic Cloud SIEM Enterprise. Salt correlates all attack activity from the same user into a consolidated attack timeline. Salt sends the attack timeline to the Sumo Logic platform so security teams get a clear view of an attack's steps and sequence, helping to reduce investigation times and stop attackers in their tracks.
