Salt Security is a company that protects the APIs that form the core of every modern application. Pulse 2.0 interviewed Salt Security co-founder and CEO Roey Eliyahu to learn more about the company as a follow-up from a previous interview.
Roey Eliyahu’s Background
What is Roey Eliyahu’s background? Eliyahu said:
“From as early as I can remember, I had a deep-rooted passion for technology. I began coding at the age of nine, discovering a lifelong love for programming. By eleven, I was freelancing as a developer.”
“I also remember the launch of the first iPhone in 2007 and how it showcased the transformative power of a single product. This one device that was intuitive to use without any sort of instructions also had extremely complex underlying technology that combined several other technologies into one package and continued to advance year over year. This memory has stayed with me and I reflect on the idea often – how technology, no matter how good, is on a never-ending replacement cycle which drives me to always focus on forward movement, innovating and not resting on our laurels.”
Formation Of Salt Security
How did the idea for the company come together? Eliyahu shared:
“When I was in my early twenties, I noticed a significant gap in API security. As more and more applications were modernizing and becoming API-centric, the APIs started carrying very sensitive information. It became increasingly clear that APIs would be the next attack target and the existing security measures meant to stop API attacks were inadequate. This realization inspired me to create a solution. I founded Salt Security in 2016 with the goal of making it safe for companies to innovate and embrace the digital transformation that is reshaping our world. I believed then and continue to believe that without robust API security, the pace of technological advancement we’re witnessing today would be unsustainable.”
Favorite Memory
What has been your favorite memory working for the company so far? Eliyahu reflected:
“My favorite memory is a combination of moments spent with the people I get to work with. We’ve grown the company from an idea to almost 200 people working together. The daily conversations that swing from business to personal and back to business are the best parts of my day and create a community I’m proud to be part of.”
Core Products
What are the company’s core products and features? Eliyahu explained:
“Salt Security offers a comprehensive security platform designed to address the unique challenges of API security. Our product is designed to meet our customers where they are in their API security journey. There are three primary phases of most people’s journey; discovery, posture management and threat protection. Most people start with the simple objective of understanding what APIs they have. Companies have hundreds, sometimes thousands, of APIs. Some are known and documented, some aren’t. We help organizations find everything they have as a first step. Then as a second step in their journey, we help them understand their API posture. With the industry’s first API posture engine, we help them understand where they may be in or out of policy with pre-installed rules that are common across industries and give the ability to create their own rules in just a few seconds.”
“When a company knows what they have and their API posture, we help them stop any API-based attacks. Stopping API attacks is incredibly challenging due to the volume of API traffic that must be analyzed. In fact, we solved this hard problem first and have a several year lead on the competition as we’ve trained our LLM with billions of API calls that no one else has been or will be able to catch up to. This history of learning results in the ability to pinpoint which APIs are malicious and which are normal.”
“By combining advanced discovery, posture management, and threat protection, Salt Security empowers organizations to secure their digital assets and maintain a strong security posture throughout their API lifecycle.”
Challenges
Have you faced any specific bottlenecks in your sector of work recently? Eliyahu acknowledged:
“I think people generally understand the importance of API security and that their modern applications are under constant threat of attack. In the past, say 2-3 years ago, companies may not have understood the threat, but I think they do now. Where we sometimes see a bottleneck is when organizations look to existing and tangentially related API management tools for protection. However, as these technologies weren’t developed as a security tool to stop attacks, companies ultimately end up talking with us as a best of breed solution. So in that sense, it’s a bottleneck because it takes longer to get to the right solution but ultimately they do.”
“Delaying investment in purpose-built tools while researching others not only leaves organizations vulnerable but it stifles advancement. A thriving API management ecosystem relies on a critical mass of users and contributors.”
Evolution Of Salt Security’s Technology
How has the company’s technology evolved since launching? Eliyahu noted:
“Salt Security solved the hard problem of identifying API-based attacks in a sea of billions of legitimate API calls. A real-world example of a needle in a haystack. As I mentioned earlier, we have been doing this for years and years longer than the competition which results in a very high-fidelity solution that continues to evolve. We also invested in the discovery and posture management phases of the API security journey. This has really helped our customers identify what they have, set policy and stop attacks so they can continue to innovate. There is also another area where we have evolved the technology and that’s in the area of ecosystem integrations. We have advanced and native integrations before and after where API security plays. More specifically, we integrate upstream in the process with development tools like Jira to help address vulnerabilities before they are put into production and integration with the various DAST tools. We also integrate downstream with other security solutions providing insight to SIEM tools, SOC teams, firewall technologies and others. We integrate with API management and CDN solutions to easily and comprehensively discover and inventory all of an organization’s APIs.”
“It’s important to mention that we continue to develop sophisticated algorithms to detect a wide range of threats, including bot attacks, API abuse, and data exfiltration. The platform simplifies an organizations access to real-time protection, enabling organizations to respond to threats promptly and minimize damage. These ongoing advancements have positioned Salt as a leading provider of API security solutions, helping organizations protect their sensitive data and applications from a growing range of threats.”
Significant Milestones
What have been some of the company’s most significant milestones? Eliyahu cited:
“A significant milestone has been our fundraising success. To date, we’ve secured $281 million in funding from 13 investors, including renowned firms like Sequoia Capital, Y Combinator, CrowdStrike and Capital G (Google’s investment group). This has led to a most recent valuation of $1.4 billion.”
“Salt’s continued upward trajectory has also proven to be a major milestone for us. This growth further validates our innovative approach to API security and distinguishes us as a leader in the market. In the past 12 months alone, we have experienced significant expansion, bringing in numerous partners, doubling our customer base, achieving a greater than 100% net dollar retention rate, and nearly tripling our customer base among Fortune 500 and Global 500 companies.”
Customer Success Stories
When asking Eliyahu about customer success stories, he highlighted:
“Armis, a leader in agentless device security, was experiencing extremely rapid growth of its API ecosystem during the COVID-19 pandemic. Prior to the COVID-19 pandemic, the Armis team was able to manually document, test, manage, and secure all these APIs. When the pandemic hit and Armis’ customers all started having employees working from home, those customers suddenly needed Armis to build integrations with an untold number of new devices. They ended up amassing more than 100 new integrations in just the first few months of the pandemic – across different technologies, products, and vendors – and all of that is happening over APIs.”
“’With Salt, we’re deploying API runtime security, so we get immediate and ongoing value for APIs, even as we rapidly build new ones,’ said Curtis Simpson, CISO at Armis”
“Armis leverages the Salt platform to automatically and continuously discover all of its APIs, capturing granular details about them to eliminate blind spots and assess risk. The platform also automatically baselines typical API behavior patterns and identifies anomalies, further inspecting them to distinguish user mistakes or changes in APIs from malicious behavior. Salt surfaces only the attack patterns, reducing alert fatigue and enabling Armis to respond quickly or to automate the shutdown of the attack. Salt Security’s capabilities have empowered Armis to effectively manage their API security and continue to deliver innovative solutions to their customers.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Eliyahu assessed:
“The API security market is very large. Every organization, regardless of size or industry, leverages APIs to deliver better customer experiences and grow their business. API usage continues to increase with no end in sight. And as API usage proliferates, it presents entirely new security challenges. The sheer number of APIs creates more attack surfaces for malicious actors. This makes API security a critical concern for businesses of all sizes. Regulatory requirements are another factor driving the demand for API security solutions. Compliance with data privacy and security regulations, such as GDPR and CCPA, necessitates strong API protection. As a result, it’s difficult to estimate the size of the addressable market but it’s safe to say it has the potential to be in the 10s of billions of dollars.”
Differentiation From The Competition
What differentiates the company from its competition? Eliyahu affirmed:
“I think the biggest differentiation is our focus on making our customers successful. By delivering a comprehensive API security solution, our customers can innovate and deliver experiences that delight their customers without the worry of introducing risk. In addition, Salt created the API security market. When we realized the real and extensive security problem, we began building solutions years before anyone else and have maintained that leadership position. With an extensive ecosystem and an API-specific global research team, Salt Labs, that finds more API vulnerabilities than all others combined, we continue to extend our leadership.”
Future Company Goals
What are some of the company’s future company goals? Eliyahu concluded:
“Technological innovation is a cornerstone of our strategy. We’re committed to investing in up-and-coming innovations like artificial intelligence (AI) and machine learning (ML) to enhance our threat detection capabilities and automate routine tasks. We’re also focused on deepening our integration with cloud platforms to provide seamless API security solutions for cloud-native applications. Strategic partnerships are another key area of focus. By collaborating with other security vendors and expanding our distribution network, we can offer more comprehensive solutions and reach a wider audience.”
“We’re dedicated to extending Salt Security’s leadership in the API security space. Through research, publications, and active participation in industry events, we aim to share our expertise and contribute to the ongoing conversation around API security best practices.”
