State of API Security Report Q3 2022

Learn more

The Salt platform

The Salt Security API Protection Platform secures the APIs at the heart of all your modern applications. The platform collects API traffic across your entire application landscape and makes use of AI/ML and a cloud-scale big data engine to discover all your APIs and their exposed data, stop attacks, and eliminate API vulnerabilities with scanning and testing in the build phase and remediation insights learned during runtime.

Easy integration to protect all your APIs

Salt integrates quickly with any environment and doesn’t require agents, changes to application code, or configuration. We’re not inline, so there’s no impact on application performance, availability, or functionality. With support for more than 50 API collection options, we work anywhere and support the most use cases to protect all your APIs - internal, external, and third-party and including REST, GraphQL, and SOAP formats.

Rich context through continuous API traffic analysis

Our patented API Context Engine (ACE) architecture – powered by cloud-scale big data, artificial intelligence (AI), and machine learning (ML) – continuously analyzes a copy of all API traffic from your environments. We leverage the rich context that our ACE architecture enables to discover all APIs, stop attacks, and test and scan your APIs during build, and help you continuously improve API security.

After evaluating multiple API security platforms, we found that only Salt Security had an architecture that could deploy in any of our environments, identify all our APIs, and recognize and block attackers before they could do any damage.

Nir Valtman, head of product and data security

Key capabilities of the Salt platform

Gain a complete view of your API attack surface

Salt automatically and continuously discovers all your internal, external, and third-party APIs, including unknown (shadow) and outdated (zombie) APIs and REST, GraphQL, and SOAP formats. We uncover the granular details of each API, including exposed sensitive data, to help you assess risk. We also let you know when APIs are updated, or new APIs are released and when sensitive data exposure changes, so you maintain an up-to-date view of your attack surface.

33% fewer undocumented APIs

See all your APIsSee all your APIs

Pinpoint attackers and stop attacks

Salt uses the API context derived from our big data engine to establish a baseline for each API. We correlate all API and user activity, enabling us to uncover the reconnaissance actions of bad actors early in their probing. We consolidate the activity into a single alert with a complete attacker timeline, and you can choose manual or automatic blocking, leveraging the inline devices you already have deployed.

20X faster time to resolution

Scan APIs in build and harden APIs in runtime

Salt is embedded throughout the API lifecycle to help you build and deliver more secure APIs. We help eliminate vulnerabilities and gaps early in the dev cycle by analyzing and testing APIs before release. We also help you continuously harden your REST, GraphQL, and SOAP APIs by learning from attacker activity to identify vulnerabilities found only at runtime and provide clear remediation insights your development teams can apply to eliminate security gaps.

3x faster API remediation

See all your APIs

Integrate with your existing tools and workflows

Salt works with the tools and workflows you already use so you can start protecting your APIs without introducing complexity or friction. With Salt, your security and DevOps teams will:

Respond to threats confidently with alerts sent to your SIEM that include the full context of attacker activity.

Stop attackers manually or automatically using existing enforcement points such as an API gateway or web application firewall (WAF).

Eliminate vulnerabilities efficiently with actionable insights sent to DevOps teams through tools including Jira, ServiceNow, and Slack.

How is the Salt architecture different?

Learn More
Before you go...

Get key advice for evaluating key capabilities in API security

Download the Guide