Salt Security, an API security company, enhanced its next-generation Salt Security API Protection Platform, extending abilities in threat detection and pre-production API testing. The features include insights into attacker behaviors and patterns, visual depictions of API call sequences and support for attack simulation ahead of releasing APIs into production.
With these new capabilities, Salt enhances its runtime protection, providing organizations a more comprehensive view of API usage and the API attack surface so they can improve their business understanding and accelerate incident response time.
Building on its existing threat detection and monitoring algorithms, the Salt platform provides organizations with quick, automatic and continuous visibility into any risks or vulnerabilities within their API ecosystem. Customers easily can spot and block API attacks before bad actors can reach their objective, and they also quickly can identify unusual API usage patterns and remediate API vulnerabilities.
New features in the Salt Security API Protection Platform include:
- Threat hunting capabilities within more detailed attacker timelines – Salt continues to be the only API security company that creates a consolidated attacker timeline. New platform capabilities support threat hunting and better illumination of the sequence of attacker steps, enabling organizations to conduct faster incident analysis and expedite remediation efforts.
- Visualization of API Call Sequences – Salt becomes the first API security vendor to offer a visual depiction of the various paths that API calls are following. This visualization makes clear how users are interacting with APIs, revealing actions that should and should not be allowed, how users or services are entering digital systems, usage that shouldn’t be allowed, API design flaws, and other usage details.
- Contextual API security testing – Salt is making robust attack simulation capabilities available across runtime, pre-production, and development cycles. These simulations can help organizations identify business logic flaws early in the lifecycle, and integration with CI/CD systems means developers can address security gaps before releasing APIs.
In the Salt Security State of API Security Report, Q1 2022, 86 percent of respondents admitted to lacking confidence in knowing which APIs expose sensitive data. Identifying and monitoring for API vulnerabilities in real-time is crucial for protecting companies’ vital assets so they can focus on business operations instead of risk.
“Bad actors work tirelessly to refine their tactics and techniques to make threats more difficult to detect. Successfully defending against modern, sophisticated API attacks requires solutions that can swiftly detect illegitimate activity and behavioral abnormalities in real-time,” said Elad Koren,
Chief Product Officer, Salt Security. “Our latest platform capabilities deliver critical insights sooner and across the full API lifecycle. With increased context over time, combined with automated threat alerts, organizations can better defend themselves against attacks and fix API vulnerabilities before they can be exploited.”