Startup Salt Security announced its API Protection Platform on Jan. 29, providing organizations with advanced capabilities to help discover, prevent and then remediate API attacks.
Application programming interfaces (APIs) are commonly used in modern infrastructure, enabling a way to extend and interact with different aspects of an application or service. In recent years, attackers have increasingly targeted APIs as a way to exploit organizations. The Salt Security API Protection Platform is able to discover APIs that are in use and can then help detect potential misuse and attacks.
"Our mission at Salt Security is to help prevent companies from being breached via an API," Roey Eliyahu, co-founder and CEO of Salt Security, told eWEEK. "At a high level, we are watching API usage and traffic, [and] then, leveraging our artificial intelligence technology that is being patented, we are able to identify and prevent API attacks."
Founded in 2016, Salt Security quietly worked on its API Protection Platform until now. Eliyahu said the Jan. 29 release marks the first official launch for the product, which is now generally available. Alongside the product launch, Salt Security also announced that it has raised $10 million in funding to help the company grow its technology and go-to-market efforts.
There are three core modules in the Salt Security API Protection Platform. The first module is discovery, which provides visibility across an organization into where APIs are used. Eliyahu explained that the discovery module learns what specific APIs are doing and what data is normally accessed and used.
The second core module is about prevention, which looks to stop attacks. Eliyahu said that based on an understanding of the normal baseline activity for a given API, Salt Security can identify anomalous activity that could be indicative of a threat.
"We detect all the steps that an attacker might take and provide a visual timeline of activity and provide customers with the toolset they need to know exactly who is trying to attack them," Eliyahu said.
When a potential attack is detected, the remediation module in the Salt Security API Protection Platform can help organizations take the necessary steps to block and remediate the risk. Eliyahu said the platform is able to generate remediation actions for developers about what the gaps and vulnerabilities are that they need to fix. The whole system gets more secure over time, as attackers try to exploit APIs. As new attacks emerge, the Salt Security system identifies them and is then able to improve with enhanced remediations to help prevent future attack attempts.
"It's kind of funny—we are leveraging the attackers to act as penetration testers to find the gaps," he said.
Looking forward, Eliyahu said Salt Security will continue to develop the platform with enhanced operational features that come from customer feedback. Among the things that Eliyahu said Salt Security is working on is completely automated orchestration to further improve workflow integration.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.