
Correcting the Posture of Your API Governance

Human beings have proven themselves to excel in a lot of different areas, and yet nothing has been able to beat their ability to get better on a consistent basis. This progressive approach, on our part, has already fetched the world some huge milestones, with technology appearing as a rather unique member of the group. What makes technology's credentials so anomalous is its skill-set, which was unprecedented enough to realize possibilities that we couldn't have imagined otherwise. Nevertheless, a closer look should reveal how the whole run was also very much inspired by the way we applied those skills across a real-world environment. The latter component was, in fact, what gave the creation a spectrum-wide presence and made it the ultimate centerpiece of every horizon. Now, having such a powerful tool run the show did expand our experience in many different directions, but even after achieving such a monumental feat, technology somehow continues to produce the right goods. The same has become a lot more evident in recent times, and assuming one new GRC-themed development pans out just like we envision, it will only propel that trend towards greater heights over the near future and beyond.

Salt Security, the leading API security company, has officially announced the launch of multiple advancements in discovery, posture management, and AI-based threat protection for its proprietary Salt Security API Protection Platform. According to certain reports, the stated development will help the company bring the industry's first API posture governance engine, which is going to be equipped to handle API governance and threat detection at an organizational level. Looking at the governance engine on a slightly deeper level, it tones down the risk one would have usually witnessed on their first API journey, doing so by first letting the user personally author corporate standards for API posture. Then, it empowers them to assess compliance with those standards, industry best practices, as well as with regulatory requirements. Such a mechanism should go a long way when the agenda is to ensure that all API lifecycle stakeholders (architects, developers, API product managers, AppSec, SecOps) are in sync and security standards are being followed while an API navigates through its lifecycle. Making the engine's arrival all the more important is how, thus far, we have only seen API security solutions that focus primarily on detection and mitigation of threats.

Moving on, we now must acknowledge how the new advancements will also give Salt's proprietary platform leading-edge filtering and querying capabilities. The purpose of these capabilities is to provide context-rich API asset discovery and management, therefore allowing organizations to mine more intelligence from their discovered API assets. Furthermore, they pave the way for businesses to extract detailed insights about their APIs, such as their purpose, usage patterns, and associated risks. These insights can then be used to create posture governance policies.

Joining the pack here are Salt's new and enhanced behavioral threat response capabilities, which are all meant to aid SecOps personnel in effectively prioritizing, triaging and analyzing API-related security events, while simultaneously reducing mean time to respond and resolve.

The significance of such a feature can be contextualized once you consider the crux of Salt Security's latest State of API Security Report, Q1 2023, which revealed a whopping 400% increase in unique API attackers this last year. A separate revelation made by the company's State of API Security for Financial Services and Insurance report described how nearly 92% of respondents experienced a significant security issue in production APIs over the past year, with nearly one out of five suffering an API security breach. Hold on, there is more, considering the report also informed us about the 59% that saw application rollout delays resulting from security issues identified in APIs.

Anyway, we then have new ecosystem enrichment capabilities that will share API intelligence with the broader lifecycle ecosystem. The platform’s enhanced integrations with application security testing platforms, data enrichment through its public API, and advanced outbound integrations (like syslog and Splunk) will further work in tandem to ensure that API security is not a standalone effort at any point. Covering both internal asset management and external ecosystem integration, Salt’s holistic approach to API security will free up organizations to easily share and operationalize API asset and threat intelligence with existing security technology investments.

“APIs sit at the core of today’s modern applications, connecting enterprises to vital data and services,” said Roey Eliyahu, CEO at Salt Security. “However, with the ever-growing abundance of APIs, businesses are struggling to keep track of the APIs they have within their environment and even more so, are unsure of their current API posture against best practice policy and their own custom policies. By providing the industry’s first API posture governance engine, Salt is helping organizations govern their API-first journeys using API intelligence to discover and effectively manage API assets, ensuring that corporate standards and industry best practices are followed throughout an API’s lifecycle.”

Finally, we must now round things up by getting into the improvements made across enterprise onboarding and operationalization. The stated improvements are likely to include progress in role-based access control, improved integrations with corporate identity systems, enhanced system health management and audit controls, and improved data collection and data protection mechanisms. One bonus detail, though, would be the Salt AI-based runtime engine's pledge to pull from the largest data lake, something which should continuously train the dataset and make it better over time.
