Salt Security API Protection Platform
Photo Gallery
 |
 |
Salt Security API Protection Platform
Additional Info
| Company | Salt Security |
| Website | https://salt.security/ |
| Company size (employees) | 100 to 499 |
| Headquarters Region | North America |
| Type of solution | Software |
Overview
The Salt Security API Protection Platform is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. With its patented approach to blocking today’s low-and-slow API attacks, only Salt provides the adaptive intelligence needed to protect APIs. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights into API threats and vulnerabilities, including those outlined in the OWASP API Security Top 10 list.
Through its unique API Context Engine (ACE) architecture, the Salt platform provides API design analysis in pre-production, discovers all APIs, pinpoints and stops API attackers, and provides remediation insights learned during runtime to harden APIs.
With “shift left” security capabilities, including API security posture insights and automated OpenAPI Specification (OAS) analysis/reporting, the platform enables dev teams to harden the full application lifecycle, identify risks and vulnerabilities before exploitation, and simplify reporting on OAS standards.
Most recently, in January 2024, Salt announced multiple advancements in discovery, posture management and AI-based threat protection to its platform. With this, Salt leapfrogs traditional posture management by providing the industry’s first API posture governance engine delivering operationalized API governance and threat detection across organizations at scale.
The Salt posture governance engine captures API data with ease, simplifying how organizations share and respond to API threat intelligence. The platform provides pre-packaged templates for accelerated ramp up time, allowing organizations the ability to create their own posture rules, organize and categorize their rules, and extensively filter their APIs. Unlike other API governance solutions, the Salt AI-based runtime engine pulls from the largest data lake in order to continuously train the engine.
Key Capabilities / Features
The Salt platform utilizes cloud-scale big data combined with AI and ML to correlate activities across millions of APIs and users over time. With these context-based insights, Salt enables organizations to detect the reconnaissance activity of bad actors and block them before they can reach their objective, ensuring the safety of their and their customers’ critical data.
In April 2023, Salt announced new enhancements to its platform:
- Enhancements to core AI models – processes more API data faster into its patented API Context Engine (ACE) architecture, improving API threat detection and discovery.
- Improved user intent detection – quickly and accurately detects when an API user exhibits malicious intent, reducing false positives while ensuring accurate identification of true positives.
- New threat severity analytics – enabling security teams to differentiate between high-vs.low-severity attacks to focus on the greatest threats.
- New Rapid Investigation mode – identifies and highlights the most critical malicious attack events.
- Advanced API discovery at scale – provides more accurate mapping of API endpoints to make it easier to inventory and understand APIs at scale.
With its latest platform expansion in January 2024, Salt delivers:
- Industry's first API posture governance engine - helps organizations minimize risk, giving the ability to author corporate standards for API posture, and assess compliance with those standards, industry best practices, and regulatory requirements.
- New API filtering and querying capabilities - provides context rich API asset discovery and management, helping organizations mine more intelligence from discovered API assets.
- Enhanced behavioral threat response capabilities - provides SecOps personnel with capability to more effectively prioritize, triage, and analyze API-related security events, drastically reducing mean time to respond and resolve.
- New ecosystem enrichment capabilities - will share API intelligence with the broader lifecycle ecosystem.
Enterprise onboarding and operationalization improvements - reduces API risk quickly with minimal operational friction.
How we are different
Salt provides the industry's first API posture governance engine, helping organizations govern their API-first journeys using API intelligence to discover and effectively manage API assets, and ensuring that corporate standards and industry best practices are followed throughout an API's lifecycle. Salt is the only API security company to deliver AI-based API security, advanced discovery and innovative posture gap analysis, which is needed to unlock the intelligence discovered within APIs.
Unlike its competitors, Salt is the only platform on the market that applies cloud-scale big data to address API security challenges. Only Salt can capture and baseline all API traffic -- all calls and responses -- over days, weeks and even months. Salt applies its AI and ML algorithms, which have been in the market for over four years, to provide real-time analysis and correlation across billions of API calls. You need that level of context to provide rich discovery, accurate data classification, and to identify and stop “low and slow” API attacks which occur over time. No on-prem solution has the data capacity to catch today's sophisticated attacks in the wild, such as a single parameter BOLA attack.
Unlike any other offering on the market, the Salt platform provides both runtime protection and developer insights, enabling companies to ensure that data and services are immediately protected even while developers harden APIs. The Salt approach also enables a complete and up-to-date inventory of all APIs to help customers eliminate blind spots, assess risk, and determine sensitive data exposure - even as APIs are updated or new APIs are added to the environment.