API Security for Dummies
Read the eBook
Salt integrates quickly with any environment and doesn’t require agents, changes to application code, or configuration. We’re not inline, so there’s no impact on application performance, availability, or functionality. With support for more than 50 API collection options, we work anywhere and support the most use cases to protect all your APIs - internal, external, and third-party and including REST, GraphQL, and SOAP formats.
Our patented API Context Engine (ACE) architecture – powered by cloud-scale big data, artificial intelligence (AI), and machine learning (ML) – continuously analyzes a copy of all API traffic from your environments. We leverage the rich context that our ACE architecture enables to discover all APIs, stop attacks, and test and scan your APIs during build, and help you continuously improve API security.
After evaluating multiple API security platforms, we found that only Salt Security had an architecture that could deploy in any of our environments, identify all our APIs, and recognize and block attackers before they could do any damage.
Salt automatically and continuously discovers all your internal, external, and third-party APIs, including unknown (shadow) and outdated (zombie) APIs and REST, GraphQL, and SOAP formats. We uncover the granular details of each API, including exposed sensitive data, to help you assess risk. We also let you know when APIs are updated, or new APIs are released and when sensitive data exposure changes, so you maintain an up-to-date view of your attack surface.
Salt uses the API context derived from our big data engine to establish a baseline for each API. We correlate all API and user activity, enabling us to uncover the reconnaissance actions of bad actors early in their probing. We consolidate the activity into a single alert with a complete attacker timeline, and you can choose manual or automatic blocking, leveraging the inline devices you already have deployed.
Salt is embedded throughout the API lifecycle to help you build and deliver more secure APIs. We help eliminate vulnerabilities and gaps early in the dev cycle by analyzing and testing APIs before release. We also help you continuously harden your REST, GraphQL, and SOAP APIs by learning from attacker activity to identify vulnerabilities found only at runtime and provide clear remediation insights your development teams can apply to eliminate security gaps.
Salt works with the tools and workflows you already use so you can start protecting your APIs without introducing complexity or friction. With Salt, your security and DevOps teams will:
•
Respond to threats confidently with alerts sent to your SIEM that include the full context of attacker activity.
•
Stop attackers manually or automatically using existing enforcement points such as an API gateway or web application firewall (WAF).
•
Eliminate vulnerabilities efficiently with actionable insights sent to DevOps teams through tools including Jira, ServiceNow, and Slack.