- About us
Salt Security protects the APIs that form the core of every modern application. Its API Protection Platform is the industry’s first patented solution to prevent the next generation of API attacks, using machine learning and AI to automatically and continuously identify and protect APIs. Deployed in minutes, the Salt Security platform learns the granular behaviour of a company’s APIs and requires no configuration or customization to pinpoint and block API attackers.
The Salt Security API Protection Platform secures the APIs at the heart of all modern applications. The platform collects API traffic across the entire application landscape and makes use of AI/ML and a cloud-scale big data engine to discover all APIs and their exposed data, stop attacks, and eliminate API vulnerabilities with scanning and testing in the build phase and remediation insights learned during runtime.
Salt integrates quickly with any environment and doesn’t require agents, changes to application code, or configuration. As they’re not inline, there’s no impact on application performance, availability, or functionality. With support for more than 50 API collection options, Salt works anywhere and supports the most use cases to protect all customer APIs – internal, external, and third-party and including REST, GraphQL, and SOAP formats.
Salt’s patented API Context Engine (ACE) architecture – powered by cloud-scale big data, artificial intelligence (AI), and machine learning (ML) – continuously analyses a copy of all API traffic from customers’ environments. They leverage the rich context that their ACE architecture enables to discover all APIs, stop attacks, and test and scan your APIs during build, and help customers continuously improve API security.
Salt automatically and continuously discovers all the internal, external, and third-party APIs, including unknown (shadow) and outdated (zombie) APIs and REST, GraphQL, and SOAP formats. Salt uncovers the granular details of each API, including exposed sensitive data, to help customers assess risk. It will also let you know when APIs are updated, or new APIs are released and when sensitive data exposure changes, so customers maintain an up-to-date view of their attack surface.
Salt uses the API context derived from their big data engine to establish a baseline for each API. They correlate all API and user activity, enabling them to uncover the reconnaissance actions of bad actors early in their probing. They consolidate the activity into a single alert with a complete attacker timeline, and customers can choose manual or automatic blocking, leveraging the inline devices they already have deployed.
Salt is embedded throughout the API lifecycle to help customers build and deliver more secure APIs. They help eliminate vulnerabilities and gaps early in the dev cycle by analysing and testing APIs before release. They also help customers continuously harden their REST, GraphQL, and SOAP APIs by learning from attacker activity to identify vulnerabilities found only at runtime and provide clear remediation insights that development teams can apply to eliminate security gaps.