API vulnerability detection firm Salt Security raises $70M

Elevate your enterprise information technologies and technique at Transform 2021.


API discovery and vulnerability detection platform Salt Security today raised $70 million in a series C funding round led by Advent International. The Palo Alto, California-based startup says it plans to use the capital to expand its worldwide operations across R&ampD, sales and marketing and advertising, and client results.

Application programming languages (APIs) dictate the interactions in between application applications. They define the sorts of calls or requests that can be made, how they’re made, the information formats that must be employed, and the conventions to stick to. As more than 80% of internet visitors becomes API visitors, APIs are coming below rising threat. Gartner predicts that by 2022, API abuses will move from an infrequent to the most frequent attack vector, resulting in information breaches for enterprise internet apps.

Salt’s platform aims to avoid these attacks with a mixture of AI and machine understanding technologies. It analyzes a copy of the visitors from internet, application-as-a-service, mobile, microservice, and world wide web of points app APIs and makes use of this course of action to obtain an understanding of each and every API and produce a baseline of regular behavior. From these baselines, Salt identifies anomalies that may be indicators of an attack through reconnaissance, eliminating the want for points like signatures and configurations.

“I’m a former elite cybersecurity unit veteran that led development of high-end security systems to protect the largest network in Israel of the Israel Defense Forces and the government,” cofounder and CEO Roey Eliyahu told VentureBeat by means of e-mail. “During my service and afterwards in different roles, I consistently found that APIs were surprisingly simple to hack and that existing security technologies could not identify API attacks. I joined forces with my cofounder and COO, Michael Nicosia, to build Salt Security on the premise that we needed to take a fundamentally different approach — to use big data and AI to solve the problem of securing APIs, a problem traditional security tools cannot solve because of their legacy architectures.”

Image Credit: Salt Security

Salt leverages dozens of behavioral features to recognize anomalies. Its machine understanding models are educated to detect when an attacker is probing an API, for instance, since this deviates from common usage. They analyze the “full communication,” taking into consideration elements like how an API responds to malicious calls. And they correlate attacker activity, enabling Salt to connect probing attempts performed more than time to a single attacker, even if the perpetrator attempts to conceal their identity by rotating devices, API tokens, IP addresses, and more.

Confirmed anomalies trigger a single alert to safety teams with a timeline of attacker activity.

“APIs connect all of today’s vital data and services. Organizations rely on the Salt Security API Protection Platform to identify API security vulnerabilities ahead of launching them in production,” Eliyahu stated. “These remediation insights enable companies to move fast in their application development while still reducing risk by finding security gaps before they can be exploited. The Salt platform provides runtime protection, blocking attacks such as credential stuffing, data exfiltration, account misuse, and fraud. Salt also helps companies meet compliance needs, providing documentation of all APIs as well as where they expose sensitive data.”

Upward trajectory

Salt requires an strategy equivalent — but not identical — to that of Elastic Beam, an API cybersecurity startup that was acquired by Denver, Colorado-based Ping Identity in June 2018. Other rivals incorporate Spherical Defense, which adopts a machine understanding-based strategy to internet application firewalls, and Wallarm, which offers an AI-powered safety platform for APIs, as effectively as web-sites and microservices.

But Salt is performing brisk company, with clients like Equinix, Finastra, TripActions, Armis, and DeinDeal. The enterprise, which was founded in 2016, claims to have driven 400% development in income, 160% development in personnel (to more than 65), and 380% development in the API visitors it secures.

“We have high double-digit numbers of enterprise customers in financial, fintech, insurance, retail, software-as-a-service, ecommerce, and other verticals … For most Salt customers, the pandemic accelerated their digital transformation and cloud migration journeys. Digital transformation depends heavily on APIs, so most of our customers were writing APIs at a much more rapid rate,” Eliyahu stated. “Our customer, Armis, for example, had to integrate with many more device types in its internet of things security offering to serve its customers, whose employees were now working from home. Instead of having dozens of APIs to write and protect, the company suddenly had hundreds, and manual testing and documentation efforts simply could not scale, so they needed to deploy Salt earlier and more broadly than originally expected. Several Salt customers experienced a similar acceleration, and our revenue grew faster as a result.”

This most current financing round had participation from Alkeon Capital and DFJ Growth along with investors Sequoia Capital, Tenaya Capital, S Capital VC, and Y Combinator. It brings Salt’s total raised to $131 million to date following a $30 million round in December 2020.


Originally appeared on: TheSpuzz

iSlumped