API Security for Dummies

Read the eBook

The Salt platform

The Salt Security API Protection Platform secures the APIs at the heart of all your modern applications. The platform collects API traffic across your entire application landscape and makes use of AI/ML and a big data engine to discover all your APIs and their exposed data, stop attacks, and eliminate vulnerabilities at their source.

Easy integration to protect all your APIs

Salt integrates quickly with any environment and doesn’t require agents, changes to application code, or configuration. We’re not inline, so there’s no impact on application performance, availability, or functionality. With support for more than 50 API collection options, we work anywhere and support the most use cases to protect all your APIs - internal, external, and third-party.

Rich context through continuous API traffic analysis

Our patented API Context Engine (ACE) architecture – powered by big data, artificial intelligence (AI), and machine learning (ML) – continuously analyzes a copy of all API traffic from your environments. We leverage the rich context that our ACE architecture enables to discover all APIs, stop attacks, and help you continuously improve API security.

After evaluating multiple API security platforms, we found that only Salt Security had an architecture that could deploy in any of our environments, identify all our APIs, and recognize and block attackers before they could do any damage.

Nir Valtman, head of product and data security

Key capabilities of the Salt platform

Gain a complete view of your API attack surface

Salt automatically and continuously discovers all your internal, external, and third-party APIs, including unknown (shadow) and outdated (zombie) APIs. We uncover the granular details of each API, including exposed sensitive data, to help you assess risk. We also let you know when APIs are updated, or new APIs are released and when sensitive data exposure changes, so you maintain an up-to-date view of your attack surface.


33% fewer undocumented APIs

See all your APIsSee all your APIs

Pinpoint attackers and stop attacks

Salt uses the API context derived from our big data engine to establish a baseline for each API. We correlate all API and user activity, enabling us to uncover the reconnaissance actions of bad actors early in their probing. We consolidate the activity into a single alert with a complete attacker timeline, and you can choose manual or automatic blocking, leveraging the inline devices you already have deployed.


20X faster time to resolution

Continuously improve API security

Salt is embedded throughout the API lifecycle to help you build and deliver more secure APIs. We help eliminate vulnerabilities and gaps early in the dev cycle by analyzing and testing APIs before release. We also help you continuously harden your APIs by learning from attacker activity to identify vulnerabilities found only at runtime and provide clear remediation insights dev teams can apply to eliminate security gaps.


3x faster API remediation

See all your APIs

Integrate with your existing tools and workflows

Salt works with the tools and workflows you already use so you can start protecting your APIs without introducing complexity or friction. With Salt, your security and DevOps teams will:

Respond to threats confidently with alerts sent to your SIEM that include the full context of attacker activity.

Stop attackers manually or automatically using existing enforcement points such as an API gateway or web application firewall (WAF).

Eliminate vulnerabilities efficiently with actionable insights sent to DevOps teams through tools including Jira, ServiceNow, and Slack.

How is the Salt architecture different?

Learn More