Salt Security has launched its Salt Technical Ecosystem Partner (STEP) program, aimed at helping enterprises leverage its API adaptive intelligence to reduce risk in their API ecosystems. The program allows for the integration of Salt’s AI-driven API security insights into the existing workflows and tools of organizations. By joining the STEP program, joint customers can enhance their API security posture with best-of-breed solutions that are enriched by the API security intelligence of the Salt Security API Protection Platform.
The STEP program was inaugurated with the introduction of Salt’s first partners, who focus on API testing solutions. These partners include Bright Security, Invicti Security, StackHawk, and Contrast Security. Salt’s pre-built integrations with these partners enable streamlined deployment and several benefits for organizations. This includes the ability to move to a risk-based approach for API testing by connecting cloud to code and focusing on sensitive data. It also allows for risk reduction with increased surface coverage by utilizing Salt’s accurate and up-to-date API inventory combined with vulnerability prioritization from testing partners. Additionally, organizations can leverage best-of-breed testing capabilities spanning various tests such as OWASP, MITRE, business logic, SQLi, XSS, SSRF, and more, leading to better quality testing. The integration of Salt into existing testing technologies also reduces friction for DevOps and DevSecOps teams, enabling seamless integration into development pipelines. Moreover, the program helps in speeding time to value by working with organizations’ existing integrated development environments (IDEs), software pipeline tools, and other workflows. It also improves testing efficiencies by providing context-rich OAS files that are automatically updated in real-time, highlighting what needs to be tested and the order of priority. Lastly, the program allows organizations to increase their R&D velocity by focusing scanning efforts on priority APIs, such as external APIs or those containing personally identifiable information (PII).
In addition to testing, the STEP program formalizes Salt’s integration with other API ecosystem technologies, including web application firewalls (WAFs), API gateways, and cloud security providers. Salt will also collaborate with partners to jointly develop integrations and publish APIs to accelerate the integration process, thereby allowing a diverse range of partners to extract valuable API data from the Salt system.
The approach taken by Salt Security ensures that enterprises can benefit from industry-leading API security capabilities throughout the entire lifecycle. It acknowledges that no single company can provide all the necessary disciplines to fully secure APIs, and attempts to do so result in mediocre solutions that leave enterprises vulnerable. Through the integrations facilitated by the STEP program, customers will have access to highly capable, easy-to-deploy, and effective API protection solutions.
Roey Eliyahu, CEO and co-founder of Salt Security, emphasized the uniqueness of Salt’s approach to securing APIs. The company’s deep API context provides rich API discovery and runtime protection, which is now extended to partners’ best-of-breed solutions. According to Eliyahu, this combination delivers unparalleled API security to customers. He expressed excitement about welcoming Bright Security, Contrast Security, Invicti Security, and StackHawk to the program, highlighting their leading API security testing solutions.
The need for robust API security is becoming increasingly important as API-related threats and vulnerabilities continue to rise. The “2023 State of API Security” report revealed that 94% of organizations experienced security issues in their production APIs over the past year. Furthermore, a recent study projected that the average cost of a security breach stands at $6.1 million and is expected to increase to nearly $14.5 million by 2030. These statistics highlight the urgency for organizations to prioritize API security to mitigate potential financial and reputational damages.
Partners in the STEP program also shared their perspectives on the collaboration. Gadi Bashvitz, CEO of Bright Security, stated that Salt’s intelligence empowers application security (AppSec) and development teams to improve their organizations’ API security posture. Tracey Mead, VP of Strategic Alliances at Contrast Security, emphasized the importance of context in application security and how insights into API behaviors driven by Salt enable customers to quickly detect potential problem areas and speed up remediation efforts. Michael George, CEO of Invicti, highlighted the significance of extensive API discovery and comprehensive testing coverage across APIs, which joint customers can easily benefit from. Joni Klippert, CEO of StackHawk, emphasized the necessity for prioritizing and automating security testing for APIs, especially with the increasing growth of API development. Klippert expressed excitement about bringing a developer-focused and comprehensive API security testing solution to organizations through the partnership with Salt.
The Salt Technical Ecosystem Partner (STEP) program strengthens the API security landscape by providing organizations with a comprehensive suite of solutions and powerful integrations. With the increasing sophistication and frequency of API-related threats, it is essential for enterprises to adopt robust API security measures to safeguard their systems, data, and reputation. Through the STEP program, Salt Security and its partners are committed to delivering cutting-edge API protection and enabling organizations to build secure software quickly while effectively monitoring and responding to potential attacks.