APIs are increasingly targeted to attack organizations. Salt Security’s customers saw twice as much malicious API traffic in the past quarter as they did last year.
Salt Security develops an API security platform. Users gain insight into all APIs in their environment. Suspicious network traffic and misconfigurations come to light. The platform is growing rapidly. Salt Security is valued at $1.4 billion, just six years after its inception.
The growth has several reasons. Customers appreciate the platform, but a company needs more than a good product to grow at this rate. The importance of API security is increasing. Salt Security estimates that API traffic tripled worldwide by 2021. Every API is a potential risk. The organisation solves a fast-growing problem.
Salt Security publishes a report on the state of API security twice a year. The latest report shows that the trend persists. In the past quarter, Salt Security customers saw 117 percent more API attack traffic than last year. One in three customers faced 100 API attack attempts per month. Eight percent saw more than 1,000 attacks per month.
A secure API requires multiple measures. The goal is to ensure that APIs only exchange sensitive information with authorized applications and users. Furthermore, no API should listen to malicious calls.
Gateways and web application firewalls (WAFs) have made it possible to recognize and block suspicious traffic for years. This solves part of the problem, but the source remains intact. Gateways and WAFs have no idea how an API works. Companies remain unaware of vulnerable configurations, while a significant share of risk originates from configurations.
Salt Security’s platform recognizes risky configurations. Users value the capability just as much as suspicious traffic detection. The organization surveyed customers on the feature they consider the most important in an API security platform. 41 percent indicated that a platform should stop attacks. 40 percent said a platform should recognize APIs that expose sensitive data. 22 percent said a platform should assist with pen testing during API development.