The Salt platform deploys in minutes, with no agents, no code changes, and no configuration. We get a copy of your API traffic from any application environment. We send that data to either a Salt hybrid server or the Salt cloud – the hybrid server keeps all your API data on prem and forwards only metadata to the Salt cloud.
Since we’re not inline, we have no performance impact on your apps. To enforce your security policies and block attackers, we leverage the inline devices you’ve already deployed. And we send your dev and SecOps teams the alerts and remediation tickets they need.
Simple deployment, frictionless operation – that’s the Salt approach.
The Salt platform automatically inventories all your APIs, including shadow and zombie APIs, across all your application environments. Salt also highlights all instances where your APIs expose sensitive data. Continuous discovery ensures your APIs stay protected even as your environment evolves and changes as a result of agile methodologies and DevOps practices.
Pinpoint and stop threats to your APIs with Salt's patented AI technology that baselines legitimate behavior and identifies attackers in real time, during reconnaissance, to prevent them from advancing. The Salt platform correlates all activities back to a single entity, sends a single consolidated alert to avoid alert fatigue, and blocks the attacker -- not just transactions.
The Salt platform proactively identifies vulnerabilities in your APIs even before they serve production traffic. Plus, the platform uses attackers like pen testers, capturing their minor successes to provide insights for dev teams while stopping attackers before they reach their objective.
Tools like WAFs and API gateways don't have any context for what's happening across APIs and, in turn, cannot effectively detect or protect against exploitation. Salt pulls together all the activity of all users, so it can find and stop attackers in their tracks.
Continuously inventory all your APIs, including shadow and zombie APIs
Identify the APIs that are exposing PII or other sensitive data
Correlate activity to block attackers during reconnaissance
Thwart credential stuffing and other attacks aimed at account misuse
Block attackers from stealing company and customer data
Reduce the time needed to take action and resolve incidents
Leverage native DevOps tools to give dev teams remediation details
Tie your API and sensitive data discovery into GRC workflows
Your applications and APIs are constantly evolving, creating opportunities for attackers to find vulnerabilities. You need context to stop attacks and keep your APIs protected.
Salt Security continuously understands your evolving application environment and identifies malicious activity automatically, without the need for configuration or customization. Our pre-built integrations make it easy to discover all your APIs, collect and analyze their traffic, and leverage your inline devices for enforcement.