After evaluating multiple API security platforms, we found that only Salt Security had an architecture that could deploy in any of our environments, identify all our APIs, and recognize and block attackers before they could do any damage.
Salt automatically and continuously discovers all your internal, external, and third-party APIs, including unknown (shadow) and outdated (zombie) APIs and REST, GraphQL, and SOAP formats. We uncover the granular details of each API, including exposed sensitive data, to help you assess risk. We also let you know when APIs are updated, or new APIs are released and when sensitive data exposure changes, so you maintain an up-to-date view of your attack surface.
Salt uses the API context derived from our big data engine to establish a baseline for each API. We correlate all API and user activity, enabling us to uncover the reconnaissance actions of bad actors early in their probing. We consolidate the activity into a single alert with a complete attacker timeline, and you can choose manual or automatic blocking, leveraging the inline devices you already have deployed.
Salt is embedded throughout the API lifecycle to help you build and deliver more secure APIs. We help eliminate vulnerabilities and gaps early in the dev cycle by analyzing and testing APIs before release. We also help you continuously harden your REST, GraphQL, and SOAP APIs by learning from attacker activity to identify vulnerabilities found only at runtime and provide clear remediation insights your development teams can apply to eliminate security gaps.
Salt works with the tools and workflows you already use so you can start protecting your APIs without introducing complexity or friction. With Salt, your security and DevOps teams will:
Respond to threats confidently with alerts sent to your SIEM that include the full context of attacker activity.
Stop attackers manually or automatically using existing enforcement points such as an API gateway or web application firewall (WAF).
Eliminate vulnerabilities efficiently with actionable insights sent to DevOps teams through tools including Jira, ServiceNow, and Slack.