As APIs (Application Programming Interfaces) increasingly standardise software components, they have become central to inter-application exchanges. APIs play a vital role in the architecture of distributed digital services, but they also introduce serious security risks, particularly as traditional security solutions often overlook them. Salt Security, an Israeli company based in Silicon Valley, focuses on this critical blind spot, developing tools dedicated exclusively to securing APIs.
Why Salt Security for API protection addresses critical risks
Gartner predicted in 2022 that APIs would soon be the primary target for cybercriminals. Supporting this, Salt Security’s API Security Watch reported a 117% spike in malicious API traffic over one year. Shockingly, 94% of companies experienced security incidents related to their production APIs.
Allowing various software components to communicate with ease, APIs have proliferated rapidly, integrating across modern information systems. In 2016, Postman, an API management tool, tracked fewer than 500,000 API files. By 2022, that number soared to 38 million. These APIs function as access points, granting direct or indirect entry into sensitive systems within interconnected networks.
Moreover, agile projects introduce new API security complexities. Salt Security reveals that over 40% of companies modify their APIs weekly. Often, organisations create or discard APIs without informing IT departments. This results in a volatile security environment with frequent changes and data exposure risks, making APIs vulnerable to attacks.
Despite these risks, over 60% of companies lack structured API security. Many cite ineffective cybersecurity tools, with 82% finding existing solutions inadequate for handling modern API threats. It’s little wonder that attackers are increasingly exploiting these gaps.
How Salt Security protects APIs beyond WAF limitations
Previously, securing information systems involved building protective barriers around them with firewalls. As components became interconnected, however, each application needed its own Web Application Firewall (WAF). A WAF filters traffic by detecting and blocking known attacks, like SQL injections and cross-site scripting (XSS).
Yet, today’s hackers are more sophisticated. Many start with low-key reconnaissance to pinpoint application weaknesses. Attacks may unfold over weeks, slipping past WAFs undetected. This gives attackers ample time to extract data or escalate access rights deeper within the system.
Salt Security’s unique API protection approach
Salt Security’s platform safeguards all API types—SOAP, REST, GraphQL—whether internal or external, throughout their lifecycle. Its AI-driven approach shields APIs from diverse attacks, including those in the OWASP Top 10, and identifies vulnerabilities from faulty implementations.
Salt Security inventories APIs across an organisation, identifying exposed data and analysing behaviour to detect anomalies. With this capability, it can detect and block malicious actions before they escalate. Salt’s real-time alerts and corrective insights go far beyond what traditional WAFs offer, making it a preferred solution for proactive API security.
In April 2022, Salt Security revealed a severe API flaw in a US fintech platform, risking data for millions of customers and hundreds of banks. This innovative approach, validated at scale, is well-suited for organisations already established in application security and looking to enhance their defences.
How can I learn more?
This article is part of a larger series focusing on the technologies and topics found in the first edition of the Devoteam TechRadar. To see what our community of tech leaders said about the current position of Helm in the market, take a look at the most recent edition of the Devoteam TechRadar.