Securing your innovation

The rich API context you need for robust discovery, attack prevention, and shift left.

Tegra provides complete API security through SALT Security

What sets SALT API Security apart?

Technology

SALT Security is the only platform with the rich context needed to stop today’s sophisticated attacks.

Customers

More Fortune Global 500 companies and disruptors are served by SALT than by any other provider.

Time

SALT Security has been on the market the longest, with the richest feature set and most mature platform.

Research

SALT Labs is the industry’s only security research team focused on API security.

The SALT Security Labs mission

SALT Security Labs furthers the broader SALT Security mission of enabling innovation through APIs by educating the broader market on the latest API threats. Our research includes finding API vulnerabilities in the wild, documenting the tactics of threat actors, and helping organisations avoid or remediate the risk.

API security research is in our DNA – it’s how Roey and his team first identified the need for a new generational security platform, one that could identify and stop API attacks. SALT Labs’ research educates practitioners on API security incidents and the missteps to avoid, making it safer for the world to innovate with APIs.

Why SALT API Security?

With SALT Security, Tegra provides context-based security for all your APIs

Only SALT Security delivers the context you need to protect your APIs across the build, deploy, and runtime phases. We combine complete coverage and an ML/AI-driven big data engine to provide that context – to show you all your APIs, stop attackers during the early stages of an attempted attack, and share insights to improve your API security posture.

Attacks have changed – and they are easy to miss

Bad actors now target business logic vulnerabilities in your APIs. But since your APIs are unique, it takes them days, weeks, or even months to probe and learn your APIs. They use “low and slow” techniques that WAFs, gateways, and other traditional tools can't detect, leaving you vulnerable.

Past:
One and done

Single API call - seconds to minutes Known attacks - SQLi, XSS, etc.

Today:
Low and slow

Sequence of API calls - days to week Business logic attacks - requires context

“Advanced API security with strong attack prevention.
SALT Security worked well both in the cloud and on-premises.”
- Infrastructure and Operations (Gartner Peer Insights)

Everyone says they do API security

Legacy and adjacent tools are trying to pivot

Vendors of all stripes are claiming to do API security in order to stay relevant, enter a hot space, or expand their reach. You've got the tough job of sorting through all the noise – you need to get clear on what API security really is and the architecture needed to do it right.

APIs are a top target

APIs are built expressly to share a company's most valuable data and services. That makes them a lucrative target for bad actors. We've already hit the tipping point – APIs are now THE way in.

The SALT Security API Protection Platform

Rich context is required for effective API security

What sets SALT and Tegra apart is its ability to analyse your API traffic over days, weeks, and even months, applying cloud scale and mature algorithms to your API traffic. We see more than anyone else, so we stop more attacks than anyone else.

You get:

Better discovery – with smart aggregation of APIs vs. a long list of duplicated endpoints
Better runtime protection – with insights spanning months of API usage patterns to spot and stop more attacks attacks
Better shift left security – with pre-production API testing tailored to your APIs and runtime remediation insights insights

“Small but mighty, growing powerfully, it scales easily with you. Sped up our development velocity.”
- Enterprise Architect (Gartner Peer Insights)

The SALT API Security Platform

The SALT Security API Protection Platform keeps your modern applications' APIs safe. The platform collects API traffic from all of your applications and uses AI/ML and a cloud-scale big data engine to find all of your APIs and the data they expose, stop attacks, and get rid of API vulnerabilities by scanning and testing during the build phase and learning how to fix them during runtime.

Tegra, with the use of SALT Security, provides immediate value

Seamless deployment

No agents; no code changes; no configuration. Nothing is inline, so there is no application impact.

With more than 60 ways to get a copy of your API traffic, we fit all your API types – internal, external, and third-party – and all your formats, including REST, GraphQL, and SOAP.

The only patent for blocking API attacks

Our patented API Context Engine (ACE) architecture baselines your environment and identifies anomalies. It looks for a pattern of suspicious activity and consolidates activities into a single attacker’s timeline, reducing false positives and eliminating 96% of alerts.

SALT API Security: complete coverage, fuelled by rich context

Discovery

Only Tegra, together with SALT Security, provides intelligent aggregation and consolidation of your API inventory.

Update inventory automatically and continuously
Highlight “shadow” (unknown) and “zombie” (outdated) APIs
Pinpoint APIs that expose sensitive data

Runtime protection

Only SALT Security and Tegra track users over days, weeks, and months to understand today’s drawn-out API attacks.

Tap cloud-scale big data to establish baseline users and APIs over time
Identify anomalies and distinguish mistakes from attacks
Block attackers, not attacks – either manually or automatically

Shift-left practises

Only the SALT Security and Tegra team uses what it learns from bad actors' small successes in runtime to figure out how to fix things.

Analyse OAS/Swagger files for vulnerabilities
Test APIs in pre-production, tuning attack simulations to the discovered APIs
Pinpoint APIs that expose sensitive data