Salt uses big data and patented AI to analyze all API traffic and establish a granular baseline of legitimate behavior for your unique APIs. The platform maintains state across 100s of attributes of typical behavior for each entity or API, including attributes such as consistency of parameter input, frequency of access, volume of response, volume of sensitive data, data types, and response codes. The Salt platform will adjust the baseline as your APIs change, avoiding false positives while keeping you protected in a rapidly changing environment – without the need for human intervention.
The Salt platform correlates all user activities, so malicious behavior is identified early, during an attacker’s reconnaissance phase. By analyzing all API activity, Salt has the context needed to uncover the subtle signs of an attacker, distinguish between “different” vs. “malicious” activity, and stop attackers before they succeed.
Salt identifies and stops the attacks that web application firewalls (WAFs) and API gateways miss. These proxy-based tools can’t see the full context of API activity and cannot correlate different transactions back to a common entity. Within a short learning period, the Salt platform creates a baseline of behavior for your unique APIs and protects your APIs from attacks including the threats outlined in the OWASP API Security Top 10.
Salt captures the full attack timeline, displaying it in our dashboard and sending the information to your SIEM for incident response teams to analyze. You can also opt to have the Salt platform automatically block attacks. Salt leverages integrations with inline tools such as API gateways and firewalls to block attackers before they succeed.