Salt, an API protection company, has announced its Salt Security API Protection Platform. The platform uses AI and knowledge about users' unique APIs to proactively monitor and detect abnormal behavior. The platform helps identify malicious behavior before it escalates to a large scale attack.
“My experience handling cybersecurity in the IDF made it clear that API protection was a pervasive and growing challenge across many industries, and that we had to change the way that companies protect their applications and data,” Roey Eliyahu, Salt Security co-founder and CEO, commented in a press release. “Traditional security solutions cannot even detect the latest attacks, but by applying artificial intelligence and big data technology, we can identify and respond to attackers before an attack is successful.”
APIs are especially unique given they are specific to applications to suit certain developer and end user needs. Accordingly, most security products only look for attacks that have previously occurred and alert and administrator to activity seen in previous attacks. Salt Security uses AI to learn the specific attributes of a user's API, and then looks for any abnormal activity that could become a security threat. The platform identifies dangerous behavior at the reconnaissance phase as opposed to after malicious activity has occurred.
The platform works in three stages:
- Discovery: the platform discovers covered APIs and identifies unique data and functionality. This allows the platform to proactively monitor all APIs, regardless of architecture or feature
- Prevention: After unique APIs are discovered, prevention includes reconnaissance stage monitoring and alerts admins to issues before they arise to an actual attack
- Remediation: The platform includes feedback capabilities that security teams can use to stop attacks. The feedback can be prioritized and associated with remediation efforts
To learn more, visit the platform site. More detailed information is available through a downloadable data sheet. Many solution providers now take an API-first approach to application development. It only makes sense that a security platform would build its product with an API-first protection model.