Salt Security – Developer of the Industry Leading API Protection Platform

Additional Info

Company size (employees)10 to 49
Headquarters RegionNorth America


APIs sit at the core of today’s modern applications, connecting customers and partners to vital data and services. API-based applications are critical to revenue generation because they connect partners and customers together with critical data and services. However, according to Gartner, by 2022, API abuses will be the most frequent attack vector, resulting in data breaches for enterprise web applications and causing massive disruption to the bottom line.

Salt Security protects APIs across their full lifecycle, providing API discovery; identifying API vulnerabilities; stopping API attackers; preventing data exfiltration, account takeovers, and service disruption; and simplifying compliance. Salt leverages Big Data and AI, along with ubiquitous coverage, to gain the holistic detection needed to protect APIs across the full OWASP API Security Top 10 list of threats.

The Salt solution deploys in minutes and discovers and learns the granular behavior of a company’s APIs automatically and continuously. It requires no configuration or customization to ensure API protection and helps development teams work efficiently to meet project deadlines and business demands.

The Salt platform baselines normal behavior for each API, looks for anomalies, and correlates activity to detect attackers early in their reconnaissance efforts. As a result, security teams can block attackers manually or set the Salt Security platform to do so automatically, preventing attackers from successfully reaching their objective.

How we are different

- As attacks evolved from a single malicious call to a series of distributed events, organizations need to connect these events to a single attack source. Unlike inline proxy solutions, Salt Security uses Big Data and patented AI to collect and analyze the activity of millions of users in parallel. This architecture allows the Salt platform to piece together the subtle probing of an attacker during reconnaissance, assess the risk of all their activity, much like a credit score, and pinpoint and stop them early in their process. Correlated insights help reduce the number of alerts, eliminate false positives, and allow incident response teams to quickly assess alerts and block attackers before they are successful.

- Salt Security is the only solution that automatically and continuously discovers all APIs across customer environments, including granular details and where sensitive data (e.g., PII) is being exposed. This approach enables a complete and up-to-date inventory of all APIs and helps customers eliminate blind spots, assess risk, and determine sensitive data exposure—even as APIs are updated or new APIs are added to the environment. Unlike other solutions, the Salt Security solution does not require any existing documentation such as an OpenAPI Specification (aka Swagger) file to perform discovery. Automatic and complete discovery are essential, since customer-provided API documentation lacks needed details, is not kept up to date, or sometimes does not exist at all.

- Salt Security uniquely uses attacker efforts, such as penetration testing, to identify potential vulnerabilities. The Salt platform leverages this information to provide dev teams remediation insights, helping them quickly understand, prioritize, and eliminate API vulnerabilities at their source.