Salt Security is an API security platform that uses AI/ML to discover APIs, detect attacks, and protect against API-specific threats in runtime.
It’s known for pioneering the API security category.
What is Salt Security?
Salt Security provides comprehensive API security through continuous discovery, runtime protection, and threat detection.
The platform uses machine learning to baseline normal API behavior and detect anomalies that indicate attacks.
Salt was one of the first companies to focus exclusively on API security and has helped define the category.
Key Features
API Discovery
Automatically discover all APIs:
- Production APIs
- Shadow/undocumented APIs
- Zombie APIs (deprecated but active)
- Third-party integrations
Attack Detection
ML-powered threat detection:
- Business logic attacks
- Credential stuffing
- Data exfiltration attempts
- BOLA/IDOR attacks
- Injection attempts
Runtime Protection
Protect APIs in production:
- Real-time threat blocking
- Rate limiting
- Anomaly detection
- Session hijacking prevention
Sensitive Data Detection
Identify data exposure risks:
- PII detection
- Credit card data
- Healthcare information
- Custom data patterns
How It Works
Salt Security deploys as a sidecar or out-of-band agent:
┌─────────────────┐
│ Salt Cloud │
│ (Analysis) │
└────────┬────────┘
│
Traffic Mirror │
│ │
▼ ▼
┌─────────┐ ┌─────────────────┐ ┌─────────┐
│ Clients │ ───► │ Salt Agent │ ───► │ API │
└─────────┘ └─────────────────┘ └─────────┘
The agent observes API traffic without adding latency to the request path.
API Inventory
Salt creates a complete API inventory:
API Inventory:
├── Public APIs (45)
│ ├── /api/v1/users
│ ├── /api/v1/products
│ └── ...
├── Internal APIs (128)
│ ├── /internal/billing
│ └── ...
├── Shadow APIs (12) ⚠️
│ ├── /legacy/orders
│ └── ...
└── Zombie APIs (8) ⚠️
├── /api/v0/deprecated
└── ...
Attack Categories
Salt detects API-specific attacks:
| Attack Type | Description |
|---|---|
| BOLA/IDOR | Broken Object Level Authorization |
| Credential Stuffing | Automated login attempts |
| Data Scraping | Systematic data extraction |
| Account Takeover | Session/token attacks |
| API Abuse | Rate limiting bypasses |
| Injection | SQL, NoSQL, Command injection |
Deployment Options
Cloud Deployment
- SaaS platform
- Traffic mirroring to Salt cloud
- Managed infrastructure
On-Premises
- Self-hosted option
- Air-gapped environments
- Full data sovereignty
Integration
Salt integrates with:
API Gateways
- AWS API Gateway
- Kong
- Apigee
- Azure API Management
Cloud Platforms
- AWS
- Azure
- GCP
- Kubernetes
SIEM/SOAR
- Splunk
- Datadog
- ServiceNow
- PagerDuty
Remediation Workflow
- Detection - Salt identifies attack or vulnerability
- Alert - Security team notified
- Context - Full attack details and timeline
- Remediation - Actionable fix recommendations
- Verification - Confirm fix is effective
When to Use Salt Security
Salt Security is ideal for:
- Enterprises with large API portfolios
- Organizations with unknown/shadow APIs
- Teams needing ML-powered threat detection
- Companies with compliance requirements
