Salt correlates all attack activity from the same user into a consolidated attack timeline, giving security teams a clear view of the steps and sequence of an attack. The Salt platform is able to correlate and associate dispersed activities with a single user despite attackers’ efforts to use varying IDs, IP addresses, and devices to propagate their attacks.
The Salt platform, with its big data and AI engine, maintains a massive baseline of typical behavior across millions of users simultaneously. It can distinguish simple one-off user mistakes or changed APIs from the patterns of an attacker, avoiding the false positives that render so many security solutions unusable. When malicious activity is the culprit, the Salt platform consolidates the activity, sending a single alert for the attacker, not one for each attacker activity, making it quick and easy for security teams to understand the situation and take action or leverage Salt’s automatic blocking.
The Salt platform builds and retains context for each user to distinguish attackers. It correlates and compiles all the activities of an attacker and presents that data in a timeline view. Security teams then have the confidence to take action and block attackers without worrying about disrupting legitimate traffic.