Palo Alto, Calif. – Jan. 29, 2019 – Salt Security, the leading API protection company, today announced the release of the industry’s first solution to identify and prevent API attacks in order to secure SaaS, web, mobile, microservices and IoT applications. The Salt Security API Protection Platform empowers companies to detect and stop attackers in the reconnaissance phase – before they escalate to successful attacks against critical business applications and data.
Salt Security also announced today that it has raised $10 million in funding from S Capital (see accompanying release).
As APIs have proliferated across application environments – and the quantity and sensitivity of the data transmitted have increased – API attacks have become more frequent and more complex, making them the number one threat for any company. The market has already seen a huge increase in API attacks over the past few years, including breaches at Facebook, T-Mobile, Panera Bread, Verizon, and the latest vulnerability disclosures at the United States Postal Service (USPS) and Google+. Gartner predicts that “by 2022, API abuses will be the most frequent attack vector resulting in data breaches for enterprise web applications,” and insecure APIs were ranked as the third most severe threat to cloud computing in 2018 by the Cloud Security Alliance. In addition, the Open Web Application Security Project (OWASP) recognized API security as a primary concern, with nine of the top 10 vulnerabilities in their current OWASP Top 10 report including an API component.
Salt Security Stops Attacks That Current Solutions Fail to Detect
APIs are unique to each application and the organization that builds them, therefore they each have unique logic and unique vulnerabilities. Traditional solutions only focus on known attack types and lack granular understanding of these unique APIs. This makes them incapable of detecting or preventing attacks that exploit unique vulnerabilities in API logic that allow access to critical applications and sensitive data. Today’s attacks targeting API logic slip by these solutions in the security stack because they’re often performed by authenticated users that use subtle methods to probe each API to look for unique vulnerabilities during reconnaissance.
Salt Security provides the industry’s only real-time protection against these logic-based attacks. Using artificial intelligence (AI) and granular knowledge of each unique API to determine normal behavior, Salt Security looks for malicious behavior in each API. This empowers companies to identify attacks while they are still in the reconnaissance phase and stop them before they advance.
“My experience handling cybersecurity in the IDF made it clear that API protection was a pervasive and growing challenge across many industries, and that we had to change the way that companies protect their applications and data,” said Roey Eliyahu, co-founder and CEO of Salt Security. “Traditional security solutions cannot even detect the latest attacks, but by applying artificial intelligence and big data technology, we can identify and respond to attackers before an attack is successful.”
The Salt Security API Protection Platform works in three stages:
- Discovery: The Salt Security platform automatically discovers all APIs and unique functionality across environments with automated, continuous monitoring, ensuring that security teams are aware of any exposure of sensitive data, such as personally identifiable information (PII), and potential attack vectors.
- Prevention: With behavioral monitoring and existing vulnerability insights, the platform prevents attacks of APIs in real time during an attacker’s reconnaissance phase.
- Remediation: Salt Security provides prioritized, actionable insights for security teams and developers that empower them to work together to immediately stop attacks from advancing and close vulnerabilities at their source in the APIs to improve security.
Deployed in minutes, Salt Security’s AI-powered API Protection Platform requires no configuration or customization to help secure applications and improve API protection. The Salt Security API Protection Platform is available in a software-as-a-service (SaaS) or a hybrid deployment for cases when on-premises data processing may be required.
Numerous enterprise customers have already deployed the Salt Security platform to protect connected applications that span across their environments and extend to their customers and partners.
“Like many companies, APIs are an integral part of our business, and we rely on Salt Security to help us improve the security for our service,” said AppsFlyer CISO Guy Fletcher. “Their intelligent platform adds a critical element to our security stack where we expect to see threats increase and get more targeted and advanced.”
“Customers tell us they are using our global cloud database, MongoDB Atlas, for the peace of mind that comes with secure, managed data working in concert with the scalability and convenience of APIs,” said Davi Ottenheimer, head of product security at MongoDB. “Salt presents a new approach to addressing current and future threats, whether around big data, Internet of Things, microservices or machine learning applications, and we are very excited to explore enhanced API security with them.”
“Salt Security’s intelligent platform protects our web applications against attacks that other solutions can’t detect, and the unique insights Salt provides are crucial to keeping our platform safe for customers and partners,” said Systum COO Richard Greene. “Today’s digital business environment requires us to be available and accessible to a wide range of users, and Salt empowers us to achieve this by dramatically reducing our exposure to attacks.”
About Salt Security
Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application. Its API Protection Platform is the industry’s first patented solution to prevent the next generation of API attacks, using behavioral protection. Deployed in minutes, the AI-powered solution automatically and continuously discovers and learns the granular behavior of a company’s APIs and requires no configuration or customization to help ensure API protection. Salt Security was founded in 2016 by alumni of the Israeli Defense Forces (IDF) and serial executives in the cybersecurity field and is based in Silicon Valley and Israel. For more information, visit www.roey.wpengine.com.