Salt Security Announces API Posture Governance Engine
January 17, 2024

Salt Security announced multiple advancements in discovery, posture management and AI-based threat protection to the Salt Security API Protection Platform.

Salt leapfrogs traditional posture management by providing an API posture governance engine delivering operationalized API governance and threat detection across organizations at scale.

With the latest expansion to its AI-based platform, Salt now delivers:

- API posture governance engine - Which helps organizations minimize risk on their API first journey, by having the ability to author corporate standards for API posture, and assess compliance with those standards, along with industry best practices, and regulatory requirements. Unlike typical API security solutions that focus primarily on detection and mitigation of threats, Salt's platform introduces the first-ever engine dedicated to API posture governance. The new functionality helps ensure that all API lifecycle stakeholders (architects, developers, API product managers, AppSec, SecOps) are in sync and security standards are followed as an API makes its way through its lifecycle.

- New API filtering and querying capabilities - Which provides context rich API asset discovery and management, helping organizations mine more intelligence from their discovered API assets. This feature allows organizations to extract detailed insights about their APIs, such as their purpose, usage patterns, and associated risks. The ability to create posture governance policies directly from these insights is a significant leap forward, offering a new level of depth and customization.

- Enhanced behavioral threat response capabilities - Which will provide SecOps personnel with the capability to more effectively prioritize, triage, and analyze API related security events, and drastically reduce mean time to respond and resolve. More API sprawl means more opportunity for threat actors targeting APIs. This trend will continue in 2024, as evidenced by Salt Security's latest State of API Security Report, Q1 2023, which found a 400% increase in unique API attackers this last year and its State of API Security for Financial Services and Insurance Report where 92% of respondents say they have experienced a significant security issue in production APIs over the past year, with nearly one out of five have suffered an API security breach. Salt's new attacker activity filtering, querying, and threat hunting capabilities leverages findings derived from industry's most mature and advanced behavioral threat detection platform, coupled with its context rich API asset intelligence. The integration of this advanced threat detection with API asset intelligence equips security teams with the tools to rapidly and effectively address API-related security events.

- New ecosystem enrichment capabilities - Which will share API intelligence with the broader lifecycle ecosystem. The platform's enhanced integrations with application security testing platforms, data enrichment through its public API, and advanced outbound integrations (like syslog and Splunk) are designed to ensure that API security is not a standalone effort but an integrated part of the broader security infrastructure. This holistic approach to API security, focuses on both internal asset management and external ecosystem integration. All of these improvements help organizations more easily share and operationalize Salt's API asset and threat intelligence with existing security technology investments.

- Enterprise onboarding and operationalization improvements - Which reduce API risk quickly with minimal operational friction. These latest updates aim to help ease this burden with new improvements in role based access control, improved integrations to corporate identity systems, enhanced system health management and audit controls, and improved data collection and data protection mechanisms.

"APIs sit at the core of today's modern applications, connecting enterprises to vital data and services," said Roey Eliyahu, CEO at Salt Security. "However, with the ever-growing abundance of APIs, businesses are struggling to keep track of the APIs they have within their environment and even more so, are unsure of their current API posture against best practice policy and their own custom policies. By providing the industry's first API posture governance engine, Salt is helping organizations govern their API-first journeys using API intelligence to discover and effectively manage API assets, ensuring that corporate standards and industry best practices are followed throughout an API's lifecycle."

The Salt posture governance engine captures API data with ease, simplifying how organizations share and respond to API threat intelligence. The platform provides pre-packaged templates for accelerated ramp up time, allowing organizations the ability to create their own posture rules, organize and categorize their rules, and extensively filter their APIs. The Salt AI-based runtime engine pulls from the largest data lake in order to continuously train the engine. Salt is the only API security company to deliver AI-based API security, advanced discovery and innovative posture gap analysis, which is needed to unlock the intelligence discovered within APIs.

Share this

Industry News

November 25, 2024

Sonatype and OpenText are partnering to offer a single integrated solution that combines open-source and custom code security, making finding and fixing vulnerabilities faster than ever.

November 25, 2024

Red Hat announced an extended collaboration with Microsoft to streamline and scale artificial intelligence (AI) and generative AI (gen AI) deployments in the cloud.

November 25, 2024

Endor Labs announced that Microsoft has natively integrated its advanced SCA capabilities within Microsoft Defender for Cloud, a Cloud-Native Application Protection Platform (CNAPP).

November 21, 2024

Red Hat announced the general availability of Red Hat Enterprise Linux 9.5, the latest version of the enterprise Linux platform.

November 21, 2024

Securiti announced a new solution - Security for AI Copilots in SaaS apps.

November 20, 2024

Spectro Cloud completed a $75 million Series C funding round led by Growth Equity at Goldman Sachs Alternatives with participation from existing Spectro Cloud investors.

November 20, 2024

The Cloud Native Computing Foundation® (CNCF®), which builds sustainable ecosystems for cloud native software, has announced significant momentum around cloud native training and certifications with the addition of three new project-centric certifications and a series of new Platform Engineering-specific certifications:

November 20, 2024

Red Hat announced the latest version of Red Hat OpenShift AI, its artificial intelligence (AI) and machine learning (ML) platform built on Red Hat OpenShift that enables enterprises to create and deliver AI-enabled applications at scale across the hybrid cloud.

November 20, 2024

Salesforce announced agentic lifecycle management tools to automate Agentforce testing, prototype agents in secure Sandbox environments, and transparently manage usage at scale.

November 19, 2024

OpenText™ unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

November 19, 2024

Red Hat announced new capabilities and enhancements for Red Hat Developer Hub, Red Hat’s enterprise-grade developer portal based on the Backstage project.

November 19, 2024

Pegasystems announced the availability of new AI-driven legacy discovery capabilities in Pega GenAI Blueprint™ to accelerate the daunting task of modernizing legacy systems that hold organizations back.

November 19, 2024

Tricentis launched enhanced cloud capabilities for its flagship solution, Tricentis Tosca, bringing enterprise-ready end-to-end test automation to the cloud.