Fireside Chat: A New Strategy for Reducing API Risk

Watch On-Demand

API Protection Platform

The Salt Security API Protection Platform secures the APIs at the heart of all your modern applications. The platform collects API traffic across your entire application landscape and makes use of AI/ML and a cloud-scale API data lake to discover all your APIs and their exposed data, stop attacks, and eliminate API vulnerabilities with remediation insights learned during runtime.

Protection across the entire API lifecycle

Identify security gaps with OAS analysis, Identity business logic flaws in pre-prod, Tune API security testing to API patterns, Discover shadow and zombie APIs, Identify exposed sensitive data, Classify data in API calls and responses, Baseline normal API behavior, Pinpoint and block OWASP API Top 10, Identify gaps in OAS documentation, Test production APIs for security gaps, Send developers remediation insights learned in runtime

Salt delivers immediate value

In 1–2 days: Step 1 — Discovery and posture management: Quickly assess your risk. Step 2 — Threat protection: Immediately reduce your risk. At 6 months: Step 3 — Remediation and testing: Reduce future risk.

Salt delivers
immediate value

In 1–2 days: Step 1 — Discovery and posture management: Quickly assess your risk. Step 2 — Threat protection: Immediately reduce your risk. At 6 months: Step 3 — Remediation and testing: Reduce future risk.

After evaluating multiple API security platforms, we found that only Salt Security had an architecture that could deploy in any of our environments, identify all our APIs, and recognize and block attackers before they could do any damage.

Nir Valtman, head of product and data security

Seamless deployment

No agents, no code changes, no configuration. Nothing inline, so no application impact.

With more than 60 ways to get a copy of your API traffic, we fit all your API types – internal, external, and third-party – and all your formats, including REST, GraphQL, and SOAP.

The only patent for blocking API attacks

Our patented API Context Engine (ACE) architecture baselines your environment and identifies anomalies. It looks for a pattern of suspicious activity and consolidates activities into a single attacker timeline, reducing false positives and eliminating 96% of alerts.

Salt – complete coverage, fueled by rich context

Discovery and posture management

Only Salt provides intelligent aggregation and consolidation of your API inventory, with insights into the security posture of your APIs.

  • Update inventory automatically and continuously
  • Highlight “shadow” (unknown) and “zombie” (outdated) APIs
  • Pinpoint APIs that expose sensitive data

Threat protection

Only Salt tracks users over days, weeks, and months to understand today’s drawn-out API attacks

  • Tap cloud-scale big data to baseline users and APIs over time
  • Identify anomalies and distinguish mistakes from attacks
  • Block attackers, not attacks – either manually or automatically

Fixes for exploited vulnerabilities

Only Salt leverages insights from bad actors’ minor successes in runtime to craft remediation insights

  • Analyze OAS/Swagger files for vulnerabilities
  • Share detailed remediation insights with dev teams to harden APIs

Integrate with your existing tools and workflows

Salt works with the tools and workflows you already use, so you can start protecting your APIs without introducing complexity or friction. With Salt, your security and DevOps teams will:

  • Respond to threats confidently with alerts sent to your SIEM that include the full context of attacker activity.
  • Stop attackers manually or automatically using existing enforcement points such as an API gateway or web application firewall (WAF).
  • Eliminate vulnerabilities efficiently with actionable insights sent to DevOps teams through tools including Jira, PagerDuty, and Slack.

Want to see the Salt platform in action?

Learn more

Download this guide for advice on evaluating key capabilities in API security

Learn everything you need to know to keep your APIs secure

Get the guide
Close
Back