SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Salt Security adds threat detection capabilities to API security
Mon, 25th Jul 2022
FYI, this story is more than a year old

Salt Security, the API security company, has announced new enhancements to its next-generation Salt Security API Protection Platform, extending abilities in threat detection and pre-production API testing.

The latest features include deeper and earlier insights into attacker behaviours and attack patterns, visual depictions of API call sequences, and support for attack simulation ahead of releasing APIs into production, according to the company.

With the new capabilities, Salt enhances its capabilities in runtime protection, providing organisations a more comprehensive view of API usage and the API attack surface so they can improve their business understanding and accelerate incident response time.

Building upon its existing threat detection and monitoring algorithms, Salt states its platform provides organisations with quick, automatic and continuous visibility into any risks or vulnerabilities within their API ecosystem.

As a result, customers can more easily spot and block API attacks before bad actors can reach their objective, and they can also more quickly identify unusual API usage patterns and remediate API vulnerabilities, the company states.

New features in the Salt Security API Protection Platform include:

Threat hunting capabilities within more detailed attacker timelines: Salt continues to be the only API security company that creates a consolidated attacker timeline. New platform capabilities support threat hunting and better illumination of the sequence of attacker steps, enabling organisations to conduct faster incident analysis and expedite remediation efforts.

Visualisation of API Call Sequences: Salt becomes the first API security vendor to offer a visual depiction of the various paths that API calls are following. This visualisation makes clear how users are interacting with APIs, revealing actions that should and should not be allowed, how users or services are entering digital systems, usage that shouldn't be allowed, API design flaws, and other usage details.

Contextual API security testing: Salt is making robust attack simulation capabilities available across runtime, pre-production, and development cycles. These simulations can help organisations identify business logic flaws early in the lifecycle, and integration with CI/CD systems means developers can address security gaps before releasing APIs.

In the Salt Security State of API Security Report, Q1 2022, 86% of respondents admitted to lacking the confidence in knowing which APIs expose sensitive data. Identifying and monitoring for API vulnerabilities in real-time is crucial for protecting companies' vital assets so they can focus on business operations instead of risk.

Elad Koren, chief product officer at Salt Security, says, "Bad actors work tirelessly to refine their tactics and techniques to make threats more difficult to detect. Successfully defending against modern, sophisticated API attacks requires solutions that can swiftly detect illegitimate activity and behavioural abnormalities in real-time.

"Our latest platform capabilities deliver critical insights sooner and across the full API lifecycle. With increased context over time, combined with automated threat alerts, organisations can better defend themselves against attacks and fix API vulnerabilities before they can be exploited."