APIs - the dominant target in today's application environments.
API interfaces are at the heart of today’s modern applications, helping organizations connect with customers and partners, increase revenue, and assist with digital transformation initiatives. APIs have also become the top application target for attackers, as shown by countless high-profile attacks. Gartner predicts that “by 2022, API abuse will move from a rare attack vector to an extremely frequent attack vector, resulting in data breaches for enterprise Internet applications.” Traditional solutions including WAFs and API Gateways cannot protect your API from today’s attacks.
So what does SALT Security do?
SALT Security is a SaaS solution, which provides an end-to-end solution in the worlds of API Security. The solution provides a systemic view of all the open APIs in the organization, mapping the client’s attack area, identifying attackers at a very early stage of their research, and the possibility to block the attacks and provide ways to help improve API SECURITY.
SALT uses BIG DATA engines and Machine Learning techniques to correlate all unusual requests, track an attacker over time, and give the organization the opportunity to understand who the attacker is, what unusual things he does, and how he can be stopped before something significant happens.
SALT was ranked by Gartner and its customers as “the world’s leading API security with real-time behavior analysis” due to the ease of interfacing, deployment, management and maintenance of the solution.
How does the process work?
First step – collecting all the DATA on all the client’s API. The systems collect a copy of the traffic from all kinds of sources (Load Balancers, API gateways, Kubernetes). The collection is not done inline so that it does not interfere with the normal work and behavior.
Second step – all the information is entered into our BIG DATA ENGINE. This engine analyzes all traffic all the time.
Step three – Above this, the system activates the AI and ML to produce a baseline suitable for the client’s environment, the client’s specific API, the specific client’s specific users, etc.
What does SALT Security solution provide to the customer?
- DISCOVERY – we make a discovery of the entire API and map the ATTACK SURFACE of that client. Visibility of the entire API.
- RUN TIME PROTECTION – we identify attackers at a very early stage of their research, and enable customers to block the attacks.
- SHIFT LEFT – stopping the process and returning it to an earlier stage to correct the defects.