State of API Security Report Q3 2022

Learn more

The Salt platform

The Salt Security API Protection Platform secures the APIs at the heart of all your modern applications.
The platform collects API traffic across your entire application landscape and makes use of AI/ML and a cloud-scale big data engine to discover all your APIs and their exposed data, stop attacks, and eliminate API vulnerabilities with scanning and testing in the build phase and remediation insights learned during runtime.

Protection across the entire API lifecycle

Salt delivers immediate value

Salt - focused on
immediate value

After evaluating multiple API security platforms, we found that only Salt Security had an architecture that could deploy in any of our environments, identify all our APIs, and recognize and block attackers before they could do any damage.

Nir Valtman, head of product and data security

Seamless deployment

No agents, no code changes, no configuration. Nothing inline, so no application impact.

With more than 60 ways to get a copy of your API traffic, we fit all your API types – internal, external, and third-party – and all your formats, including REST, GraphQL, and SOAP.

The only patent for blocking API attacks

Our patented API Context Engine (ACE) architecture baselines your environment and identifies anomalies. It looks for a pattern of suspicious activity and consolidates activities into a single attacker timeline, reducing false positives and eliminating 96% of alerts.

Salt – complete coverage, fueled by rich context


Only Salt provides intelligent aggregation and consolidation of your API inventory.

  • Update inventory automatically and continuously
  • Highlight “shadow” (unknown) and “zombie” (outdated) APIs
  • Pinpoint APIs that expose sensitive data

Runtime protection

Only Salt tracks users over days, weeks, and months to understand today’s drawn-out API attacks

  • Tap cloud-scale big data to baseline users and APIs over time
  • Identify anomalies and distinguish mistakes from attacks
  • Block attackers, not attacks – either manually or automatically

Shift left practices

Only Salt leverages insights from bad actors’ minor successes in runtime to craft remediation insights

  • Analyze OAS/Swagger files for vulnerabilities
  • Test APIs in pre-production, tuning attack simulations to the discovered APIs
  • Pinpoint APIs that expose sensitive data

Integrate with your existing tools and workflows

Salt works with the tools and workflows you already use, so you can start protecting your APIs without introducing complexity or friction. With Salt, your security and DevOps teams will:

  • Respond to threats confidently with alerts sent to your SIEM that include the full context of attacker activity.
  • Stop attackers manually or automatically using existing enforcement points such as an API gateway or web application firewall (WAF).
  • Eliminate vulnerabilities efficiently with actionable insights sent to DevOps teams through tools including Jira, ServiceNow, and Slack.

Want to see the Salt platform in action?

Learn more
Before you go...

Get key advice for evaluating key capabilities in API security

Download the Guide