The Salt platform

The Salt Security API Protection Platform secures the APIs at the heart of all your modern applications. The platform collects API traffic across your entire application landscape and makes use of AI/ML and a big data engine to discover all your APIs and their exposed data, stop attacks, and eliminate vulnerabilities at their source.

Salt in action

The Salt platform deploys in minutes, with no agents, no code changes, and no configuration. We get a copy of your API traffic from any application environment. We send that data to either a Salt hybrid server or the Salt cloud – the hybrid server keeps all your API data on prem and forwards only metadata to the Salt cloud.

Since we’re not inline, we have no performance impact on your apps. To enforce your security policies and block attackers, we leverage the inline devices you’ve already deployed. And we send your dev and SecOps teams the alerts and remediation tickets they need.

Simple deployment, frictionless operation – that’s the Salt approach.

Key capabilities of the Salt platform

See all your APIs

Discover all your APIs and exposed data

The Salt platform automatically inventories all your APIs, including shadow and zombie APIs, across all your application environments. Salt also highlights all instances where your APIs expose sensitive data. Continuous discovery ensures your APIs stay protected even as your environment evolves and changes as a result of agile methodologies and DevOps practices.

Stop API attackers

Stop API attackers

Pinpoint and stop threats to your APIs with Salt's patented AI technology that baselines legitimate behavior and identifies attackers in real time, during reconnaissance, to prevent them from advancing. The Salt platform correlates all activities back to a single entity, sends a single consolidated alert to avoid alert fatigue, and blocks the attacker -- not just transactions.

Improve API security posture

Improve API security posture

The Salt platform proactively identifies vulnerabilities in your APIs even before they serve production traffic. Plus, the platform uses attackers like pen testers, capturing their minor successes to provide insights for dev teams while stopping attackers before they reach their objective.

Tools like WAFs and API gateways don't have any context for what's happening across APIs and, in turn, cannot effectively detect or protect against exploitation. Salt pulls together all the activity of all users, so it can find and stop attackers in their tracks.

Curtis Simpson, CISO

Top use cases

Discover all
your APIs

Continuously inventory all your APIs, including shadow and zombie APIs

Prevent sensitive
data exposure

Identify the APIs that are exposing PII or other sensitive data

Stop
API attacks

Correlate activity to block attackers during reconnaissance

Prevent
account takeover

Thwart credential stuffing and other attacks aimed at account misuse

Stop
data exfiltration

Block attackers from stealing company and customer data

Accelerate
incident response

Reduce the time needed to take action and resolve incidents

Provide
remediation insights

Leverage native DevOps tools to give dev teams remediation details

Simplify
compliance

Tie your API and sensitive data discovery into GRC workflows

Protect all your APIs, in all your app environments, with simple integrations from Salt.

No configuration needed. Ever.

Your applications and APIs are constantly evolving, creating opportunities for attackers to find vulnerabilities. You need context to stop attacks and keep your APIs protected.

Salt Security continuously understands your evolving application environment and identifies malicious activity automatically, without the need for configuration or customization. Our pre-built integrations make it easy to discover all your APIs, collect and analyze their traffic, and leverage your inline devices for enforcement.

How is the Salt architecture different?

Learn More

API Security Evaluation Guide

Read the guide