The rich API context you need for robust discovery, attack prevention, and shift left.
SALT Security is the only platform with the rich context needed to stop today’s sophisticated attacks.
More Fortune Global 500 companies and disruptors are served by SALT than by any other provider.
SALT Security has been on the market the longest, with the richest feature set and most mature platform.
SALT Labs is the industry’s only security research team focused on API security.
SALT Security Labs furthers the broader SALT Security mission of enabling innovation through APIs by
educating the broader market on the latest API threats. Our research includes finding API
vulnerabilities in the wild, documenting the tactics of threat actors, and helping organisations
avoid or remediate the risk.
API security research is in our DNA – it’s how Roey and his team first identified the need for a
new generational security platform, one that could identify and stop API attacks. SALT Labs’
research educates practitioners on API security incidents and the missteps to avoid, making it
safer for the world to innovate with APIs.
Only SALT Security delivers the context you need to protect your APIs across the build, deploy, and runtime phases. We combine complete coverage and an ML/AI-driven big data engine to provide that context – to show you all your APIs, stop attackers during the early stages of an attempted attack, and share insights to improve your API security posture.
Bad actors now target business logic vulnerabilities in your APIs. But since your APIs are unique, it takes them days, weeks, or even months to probe and learn your APIs. They use “low and slow” techniques that WAFs, gateways, and other traditional tools can't detect, leaving you vulnerable.
Past:
One and done
Single API call - seconds to minutes Known attacks - SQLi, XSS, etc.
Today:
Low and slow
Sequence of API calls - days to week Business logic attacks - requires context
“Advanced API security with strong attack prevention.
SALT Security worked well both in the cloud and on-premises.”
- Infrastructure and Operations (Gartner Peer Insights)
Vendors of all stripes are claiming to do API security in order to stay relevant, enter a hot space, or expand their reach. You've got the tough job of sorting through all the noise – you need to get clear on what API security really is and the architecture needed to do it right.
APIs are built expressly to share a company's most valuable data and services. That makes them a lucrative target for bad actors. We've already hit the tipping point – APIs are now THE way in.
What sets SALT and Tegra apart is its ability to analyse your API traffic over days, weeks, and even months, applying cloud scale and mature algorithms to your API traffic. We see more than anyone else, so we stop more attacks than anyone else.
You get:
“Small but mighty, growing powerfully, it scales easily with you. Sped up our development velocity.”
- Enterprise Architect (Gartner Peer Insights)
The SALT Security API Protection Platform keeps your modern applications' APIs safe. The platform collects API traffic from all of your applications and uses AI/ML and a cloud-scale big data engine to find all of your APIs and the data they expose, stop attacks, and get rid of API vulnerabilities by scanning and testing during the build phase and learning how to fix them during runtime.
No agents; no code changes; no configuration. Nothing is inline, so there
is no application impact.
With more than 60 ways to get a copy of your API traffic, we fit all your API
types – internal, external, and third-party – and all your formats, including
REST, GraphQL, and SOAP.
Our patented API Context Engine (ACE) architecture baselines your environment and identifies anomalies. It looks for a pattern of suspicious activity and consolidates activities into a single attacker’s timeline, reducing false positives and eliminating 96% of alerts.
Only Tegra, together with SALT Security, provides intelligent aggregation and consolidation of your API inventory.
Only SALT Security and Tegra track users over days, weeks, and months to understand today’s drawn-out API attacks.
Only the SALT Security and Tegra team uses what it learns from bad actors' small successes in runtime to figure out how to fix things.