The Salt platform creates a baseline of typical behavior and identifies any activity that deviates from the baseline. Our platform can detect deviations such as the abnormal movement of data and the attempted manipulation of tokens, user IDs, or API parameters. These attacks often come from authenticated users, so simply relying on access control to stop exfiltration will not keep your data safe.
By analyzing all API activity, the Salt platform compiles the context needed to distinguish between “different” vs. “malicious” activity. If an API changes, for example, all users’ behavior will change, but an attacker will be alone in showing a different usage pattern. The Salt platform correlates all activity of a given entity and so can pinpoint an attacker trying to steal your data and block them or send an alert to your security teams.
Because the Salt platform understands the typical behavior for each entity and API endpoint, it immediately detects deviations such as the manipulation of an API endpoint or where more data is in flight. You can configure the platform to automatically block such activity or to send alerts with a full attack timeline to incident response teams to analyze the activity and block the ATO or data extraction.