Salt Security: Providing End-To-End API Security To Help Businesses Accelerate Digital Transformation

By Amit Chowdhry • Sep 25, 2023

Salt Security is a company that provides end-to-end API security so businesses can innovate safely and accelerate digital transformation initiatives. Pulse 2.0 interviewed Salt Security Executive Vice President of Product Ori Bach to learn more.

Ori Bach’s Background

Bach has a background in cybersecurity and product management. Bach has said:

“My passion has always been building security solutions that have an impact in the never-ending fight against cybercrime.”

Formation Of Salt Security

How did the idea for Salt Security come together? Bach shared:

“Salt Security co-founders Roey Eliyahu and Michael Nicosia foresaw that the rapid adoption of APIs due to digitalization would require a new security model. Traditional security solutions would not be able to fully protect against API attacks. Personally, I am always on the lookout for disruptive technologies that can make a real impact on the lives of customers. Salt is on the cutting edge of two key market drivers – the move to microservices architecture and artificial intelligence (AI).”

Favorite Memory

What has been your favorite memory working for Salt Security so far? Bach reflected:

“The first time that a customer shared with me a screenshot of a sophisticated and potentially devastating attack that bypassed all their other security controls but was detected and stopped by Salt.”

Challenges Faced

What challenges have you faced in building Salt Security? Bach acknowledged:

“In the past, all the conversations with customers were: ‘I’m transforming my business to be based on applications and APIs. How can you help us better manage risk?’ In the new digital-first economy the conversation is: ‘I want you to help me better manage risk and save me money by reducing security costs.’”

Core Products

What are Salt Security’s core products and features? Bach explained:

“Salt Security pioneered and continues to lead the API security market. Its flagship offering, the Salt Security API Protection Platform, is the only API security solution that combines the power of cloud-scale big data and time-tested ML/AI to detect and prevent API attacks. With its patented approach to blocking today’s low-and-slow API attacks, Salt provides the adaptive intelligence needed to protect APIs. By correlating activities across millions of APIs and users over time, Salt delivers deep context with real-time analysis and continuous insights into API threats and vulnerabilities, including those outlined in the OWASP API Security Top 10 list.”

Evolution Of Salt Security’s Technology

How has Salt Security’s technology evolved since launching? Bach noted:

“The cyber threat landscape is an ever-evolving space, marked by the constant emergence of new threats and the continuous improvement of existing ones. Salt recognizes the seriousness of this challenge and continuously adapts its technology to keep pace with these threats.”

“In October 2021, Salt Security added new capabilities to its platform to secure GraphQL APIs. This update enables users of GraphQL, an open-source query language used to build APIs, to leverage Salt Security to discover APIs, mitigate data exposure, stop attacks, and eliminate vulnerabilities at their source.”

“In July 2022, Salt announced new enhancements to its Salt Security API Protection Platform, including deeper and earlier insights into attacker behaviors and attack patterns, visual depictions of API call sequences, and support for attack simulation ahead of releasing APIs into production.”

“In April 2023, Salt announced new enhancements to its Salt Security API Protection Platform, accelerating API threat detection and resolution with:

1) Enhancements to its core AI models – to process more API data faster into its patented API Context Engine (ACE) architecture for improved API threat detection and discovery.

2) Improved user intent detection – quickly and accurately detect when an API user exhibits malicious intent, reducing false positives while ensuring accurate identification of true positives.

3) New threat severity analytics – enabling security teams to differentiate between high- vs. low-severity attacks to focus on the greatest threats.

4) A new Rapid Investigation mode – to identify and highlight the most critical malicious attack events.

5) Advanced API discovery at scale – providing more accurate mapping of API endpoints to make it easier to inventory and understand APIs at scale.”

“Most recently, Salt expanded its partnership with CrowdStrike by integrating the Salt Platform with the industry-leading CrowdStrike Falcon® Platform. With this new integration, our joint customers now can get a 360-degree view of API security risks with unique insights into the application-layer attack surface.” 

Significant Milestones

What have been some of Salt Security’s most significant milestones? Bach cited:

“Salt Security has had a variety of noteworthy accomplishments since its founding. Salt has raised $271 million in funding from leading VC firms, including CapitalG and Sequoia – given the current macroeconomic challenges, we are fortunate to have the funding needed to get through this tough climate.”

“In addition, Salt has received outstanding industry recognition for its approach to API security. For example, in May 2020, Gartner announced Salt Security as a Cool Vendor in API Strategy, highlighting the novel approach to proactive API security and the ability to ‘detect potential attacks on APIs before they result in a breach.’ In June 2022, Salt Security was handpicked by Gartner, the world’s leading technology analyst firm, to participate in the first-ever showdown focused on API Security at the Gartner Security & Risk Management Summit.”

“Salt has also initiated a variety of partnerships and programs, all with the objective of making API security more accessible and operational to its customers. In September 2022, CrowdStrike, a cybersecurity leader in cloud-delivered protection of endpoints, cloud workloads, identity, and data, publicly announced its strategic investment in Salt Security via its investment arm, Falcon Fund. This agreement represents the industry’s first security-to-API-security investment.”

“Recently, Salt announced its partnership and bi-directional platform integration with Wiz. This partnership provides Salt and Wiz customers with a robust and holistic understanding of API threats and vulnerabilities that spans both application and cloud environments.”

“As I mentioned before, in September, Salt and CrowdStrike announced their jointly developed integration, which leverages the CrowdStrike Falcon platform to block API attacks that the Salt platform identifies.”

Customer Success Stories

When asked about customer success stories, Bach replied:

“One of our most recent success stories comes from Guild Education. Guild provides a Career Opportunity Platform. Guild partners with employers to design training and education programs that align with each company’s corporate strategy and create career advancement opportunities through personal and professional learning programs, career development, and one-on-one coaching.”

“The team engaged with Salt Security for an initial proof of concept and penetration test, and saw results that were more actionable than any other solution they have tried. Further strengthening their confidence in Salt, the Guild team – in the midst of the Salt evaluation – was alerted that the CircleCI breach may have affected data security at Guild. The team leveraged Salt to assess the threat and recognize that their data had not been compromised.”

“Julie Chickillo, VP, head of security, Guild Education, shared, ‘The visibility we get with Salt eliminates blindspots, allowing us to better protect the critical and personal information – including employer eligibility updates, student loan reimbursement data, and program applications – being shared via our APIs.’”

Funding/Revenue

When asked about funding and revenue metrics, Bach revealed:

“Since its founding, Salt Security has grown to be a company with more than 200 employees and, as already noted, $271 million in funding from top venture capital firms, including Sequoia Capital and CapitalG – firms that have also backed public companies including Palo Alto Networks, Check Point, Lyft, Kayak and more. Moreover, of that amount, Salt raised more than $210 million in just the past two years, with a Series C in May 2021 raising $70 million and Series D in February 2022 raising $140 million.”

“Over the past 18 months, demand for API security has surged, with businesses needing to protect the APIs driving their digital transformation, application mobilization, and other IT modernization initiatives. In this time, Salt Security drove:

– 500% growth in revenue

– 300% growth in its customer base

– 250% growth in its employee count

– 900% growth in signed customers among Fortune 500 and Global 500 companies”

Total Addressable Market

What total addressable market (TAM) size is Salt Security pursuing? Bach assessed:

“Salt Security protects the APIs that form the core of every modern application. With that, Salt protects more than 100 global enterprises across different industries.”

Differentiation From The Competition

What differentiates Salt Security from its competition? Bach affirmed:

“Salt Security is the only platform on the market that applies cloud-scale big data to address API security challenges. Only Salt can capture and baseline all API traffic – all calls and responses – over days, weeks, and even months. Salt applies its AI and ML algorithms, which have been in the market for more than four years, to provide real-time analysis and correlation across billions of API calls. You need that level of context to provide rich discovery, accurate data classification, and – most importantly – identify and stop ‘low and slow’ API attacks that occur over time. No on-prem solution has the data capacity to catch today’s sophisticated attacks in the wild, such as a single parameter BOLA attack.”

“Unlike any other offering on the market, the Salt platform provides both runtime protection and developer insights, enabling companies to ensure that data and services are immediately protected even while developers harden APIs. The Salt approach also enables a complete and up-to-date inventory of all APIs to help customers eliminate blind spots, assess risk, and determine sensitive data exposure – even as APIs are updated, or new APIs are added to the environment.”

“In addition to its technology leadership, Salt Security also has the most funding, the most application environments and ecosystem integrations supported, the most customers and deepest penetration among Fortune and Global 500 enterprises, and the most use cases enabled – setting the standard for API protection for security teams and the organizations they protect.”

Future Company Goals

What are some of Salt Security’s future company goals? Bach pointed out:

“Here at Salt, we are always working on continually advancing our platform to ensure organizations have the most comprehensive view of API usage and the API attack surface so they can improve their business understanding and accelerate incident response time.”

Additional Thoughts

Are there any other topics you would like to discuss? Bach concluded:

“I see the macroeconomic environment not as a threat but as an opportunity. It drives everyone to think about efficiency and be willing to challenge the status quo. This is really a great opportunity for Salt. We don’t want our customers to work harder to become safer. We want them to work smarter and become safe and efficient.”