
Salt Security’s Contextual API Security Testing Helps Identify Vulnerabilities Before Attacks


In this episode of TFiR Let’s Talk, Swapnil Bhartiya sits down with Elad Koren, Chief Product Officer at Salt Security, to discuss the funding enhancement to the Salt platform. He goes into detail about why companies like Uber still fall victim to hacks and shares his insights into what companies can do to better protect themselves.

Key highlights from this video interview are:

  • Salt, a leader in API security, has announced funding from CrowdStrike’s Falcon Fund. Koren feels this indicates the trust CrowdStrike has in API security and in Salt, and discusses what this means for Salt. He goes into detail about why organizations need to prioritize their security budget and the potential partnership for CrowdStrike customers.
  • Salt recently released new features for their platform. Koren explains that the real-time attacks they are seeing need a deep understanding of the API and how their complimentary contextual API security testing is helping with this. He tells us how they take the entire context and bring it into the left side to simulate actual attacks.
  • With the recent Uber cyberattack, many are questioning why a company of such scale is falling victim to a cyberattack. Koren believes that while there is a lot of talk about security practices, many organizations are missing basic things. He explains how some companies compromise security in order to move forward fast and the importance of having the right controls in place.
  • Many companies focus on ticking the box and complying with the regulations around the world, yet perhaps do not go so far as to find an effective solution to protect the company. Koren discusses the possibility that, in the future, companies that experience breaches will have to compensate users, and the effect this would have on making them more conscious of the risks to the end user rather than just ticking boxes.
  • Koren explains the situation many companies find themselves in with balancing risk versus cost. He feels it requires a completely new way of thinking and understanding where we are from a digital perspective.
  • One of the key ways Salt aims to add value for its customers is to continue to improve. Koren discusses how Salt proactively seeks out vulnerabilities before an attacker takes advantage of them. He explains how their product scans hundreds of parameters in every customer environment to identify anomalies.
  • Koren explains that an API is not like data but is lots of lines of code, and that to best understand it organizations need to go further than just testing or scanning the code: they need to look at production traffic and monitor it in order to eliminate the human aspect of security risks.
  • Shadow endpoints or zombie endpoints can happen when someone has left a role and it is presumed that it has been disabled. Koren discusses the risks of zombie endpoints and how Salt helps customers tackle the challenge with drift analysis.

Connect with Elad Koren (LinkedIn)
Learn more about Salt Security (Twitter)

The summary of the show is written by Emily Nicholls.