Next event:

The QA Financial Forum: London 2019

27 February, 2019
News and research on financial software quality assurance and risk management

Salt Introduces DevSecOps Platform Detecting Abnormal API Activity

5 February 2019
Cybersecurity start-up Salt has introduced out a new security platform which detects when APIs are being probed by cybercriminals looking for weaknesses to exploit.

Cybersecurity start-up Salt has introduced out a new security platform which, the company claims, integrates security into DevOps principles, by making it possible to detect when APIs are being probed by cybercriminals looking for weaknesses to exploit.

The SaaS platform uses machine learning algorithms to establish a baseline for how APIs are being evoked across an IT environment. The platform then monitors activity to detect any anomalies, which might indicate cybercriminals engaging in reconnaissance of API traffic. This analytics is intended to allow DevOps teams to prioritize fixes to any potential security flaw cyber-attackers might exploit.

This approach advances DevsSecOps because the Salt Security technology makes it possible to feed requests to address those security issues directly into a continuous integration/continuous deployment (CI/CD) platform, according to Salt CEO Roey Eliyahu.

The challenge organisations face is each API is unique to each application and the organization that builds them, which means each has unique logic and, by extension unique vulnerabilities, said Eliyahu. Existing cybersecurity tools lack granular understanding of these because they are designed to protect organizations from known attacks. Attacks that target API logic go unnoticed by these tools because they appear to be authenticated use cases, and then employ subtle methods to probe each for unique vulnerabilities, he noted.

To thwart those attacks, the Salt Security technology automatically discovers all APIs and associated functionality, said Eliyahu. That’s important because it’s not uncommon for organizations to lose track of the many that might have been exposed over the course of an application’s lifetime.

Get the latest
by email

Newsletter Sign-Up
First Name*
Last Name*
Email*

I understand my contact details will be entered into your database and used to contact me by email with QA Financial's newsletter. See our privacy policy here.

Opted-in to receive newsletter
Source - newsletter sign-up form