Back to Viewpoints

Bryan Taylor, Eric Noeth, and Alek Ferro • May 27, 2021Perspectives

Salt Security: Guarding APIs as the next big threat surface

The API explosion and its security implications

We are living in an increasingly connected world, as the digital transformation brings software applications into every industry, and those applications communicate and share relevant information with one another continuously. We are also living in a cloud world, with microservices-based architectures enabling faster, more scalable delivery of these software applications to the masses.

Application Programming Interfaces, or APIs, are the linkages between apps or app components that make these trends possible, and as a result they are exploding in number and complexity every day. API traffic has grown to comprise over 80% of all web traffic today, and we have heard from CIOs whose companies’ API volumes have increased by an order of magnitude or more over the past few years. There have been major companies in recent years built entirely upon providing APIs to enable better digital experiences.

While all of this is positive for businesses and consumers alike, it brings with it a particularly challenging security problem. Development and IT operations teams struggle to manage the volumes of APIs they are employing, and therefore there are often major gaps in visibility around what APIs exist, what they are engaging with, and what information they are exposing. Furthermore, attackers recognize that APIs are lucrative to target since they can allow direct access to sensitive personal data if misconfigured. As a result, malicious API traffic is growing even faster than overall API traffic, at over 200% annually.

This has led Gartner to predict that:

By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.

We believe this inflection is starting to occur already, as evidenced by the increasing frequency of API-related security incidents that we all read about in the news. Recently it seems there is a new report each week of a major tech platform inadvertently exposing private customer information to the public Internet because of an API issue, often for a shockingly long period of time prior to discovery or remediation.

Salt Security’s Purpose-Built Solution

The magnitude and complexity of this problem requires a new security approach focused squarely on guarding enterprises’ APIs. We believe Salt Security delivers this with its flagship solution, the Salt Security API Protection Platform, which uses a big data AI/ML engine to automate the continuous discovery of APIs and exposed sensitive data, stop API attackers during their reconnaissance activities, and deliver remediation insights. Salt’s patented platform does all of this without needing any agents, software changes, or inline code, meaning that it can deploy quickly and does not impact application performance.

As APIs continue to proliferate and the ecosystem of access and control points to manage them continues to fragment, we believe Salt’s heterogeneous and data-driven approach is the best way for enterprises to gain control over the API security problem. Enterprises have been recognizing this as well, with Fortune 500 companies and market disruptors alike – including Equinix, Finastra, TripActions, Takeda Pharmaceuticals, and more – trusting Salt with securing their critical API-driven services and applications at scale.

Of course, all of this is a function of Salt’s incredible team, led by co-founders Roey Eliyahu and Michael Nicosia. They have been working on this problem longer than anyone else, making Salt the first to market, the first to patent a next-generation AI/ML-based API security solution, and the clear leader in the space today.

Advent’s Investment in Salt Security

We at Advent Tech are thrilled to lead Salt’s $70M Series C financing, providing the company with additional capital to fuel further innovation and expand its global operations across R&D, sales and marketing, and customer success to meet the surging demand for API security tools in the marketplace. We look forward to partnering with the Salt team and its other investors (Alkeon Capital, DFJ Growth, Sequoia Capital, Tenaya Capital, S Capital VC, and Y Combinator) to accelerate the company’s impressive growth in this exciting new chapter.