Michael Isbitski
Palo Alto, April 1, 2021 By all accounts, the rate of API consumption has exploded. Many changes in modern IT – including cloud-native design, microservices architecture, DevOps practices, and a universal drive towards automation – have resulted in a growing number of APIs to manage for all organizations. Unfortunately, APIs have also become one of the most significant attack vectors as attackers chase a given organization’s crown jewels. APIs serve as the entry point to large volumes of data and sensitive business functionality which make them appealing to all types of attackers. From Salt Security’s State of API Security report, we saw that in 2020 API traffic grew 51%, but malicious API traffic grew 211%. Salt Security is combining efforts with MuleSoft to bring best-of-breed API security to the market leader in API management and integration, the MuleSoft Anypoint Platform. The combined power of the Salt Security API Protection Platform and the MuleSoft Anypoint Platform fuels a strong API security strategy and can enable you to improve your API security posture for internal, external, and third-party APIs.
Driving business outcomes with MuleSoft
MuleSoft is a leader in API management (APIM) and API integration with the Anypoint Platform. With the Anypoint Platform, MuleSoft helps support many organizational business cases and development requirements including:
Application modernization and API mediation patterns such as API façade and back end for front ends
Productization of APIs
Developer and supplier self-service portals and workflow
Unified governance, policy management and access control enforcement for your mediated APIs
Visibility and observability over API consumption
How Salt Security enhances API security
From the State of API Security report, Salt Security saw that 100% of its customers had WAFs and API Gateways, and yet 100% of those same customers still experienced API attacks.
API gateways provide tremendous value in modern enterprise architecture, namely by helping facilitate API mediation patterns and enforcing API management policies. The combined MuleSoft and Salt offering helps to bolster this value by enhancing the security features of MuleSoft API Manager – capabilities that are more crucial as organizations embrace newer IT initiatives including digital transformation, cloud adoption, and API-first design. Organizations often operate multiple gateways and will often have APIs that are exposed through different mechanisms. As a result, most organizations lack powerful security visibility and protection for their APIs.
Salt Security integrates with, and collects traffic from, a variety of devices in your organization’s enterprise architecture. The Salt platform consolidates this view, providing a unified, full picture of your API portfolio and the relative risk your organization is facing. The Salt Security API Protection Platform augments the controls available in MuleSoft with the following functionality:
Full context for your APIs and their business logic
Continuous API discovery, cataloging, and data classification for internal, external and third-party APIs to uncover potentially sensitive data exposures
Detection of attackers in early reconnaissance phases, helping to stop an attack campaign before it results in an incident or breach for your organization
Actionable remediation guidance for development and integration teams when API security issues are detected in runtime, including but not limited to the OWASP API Security Top 10
API schema analysis and real-time traffic analysis for uncovering the differences between documented and undocumented APIs, as well as detailing undocumented functionality in known APIs
Detailed chronology for API call and response anomalies and malicious activity
Runtime detection and enforcement
Integration with a wide range of on-premises data center, hybrid cloud, and multi-cloud environments
The combined power of Salt Security and MuleSoft
The pairing of the Salt Security API Protection Platform with the MuleSoft Anypoint Platform provides leading API security and API management capabilities, enabling a stronger API security strategy so your organization can:
Discover all your APIs, including undocumented functionality and potentially sensitive data exposures
Detect and stop attackers that are targeting your Anypoint-managed APIs early in reconnaissance phases to avoid security incidents that can result in brand damage, data exposure, data exfiltration, and regulatory penalties
Enhance your API security posture by providing actionable remediation guidance to development and integration teams to correct vulnerabilities in Anypoint
Provide granularity on API consumption and invocation, automatically generating baselines and highlighting abnormalities that arise as a result of one-off API attacks and extended attacker campaigns
Supercharge existing MuleSoft security controls like IP address allow and deny lists, rate limiting, TLS enforcement, and authentication and authorization
We’re excited to bring best-in-class API management and API security capabilities in this Salt+MuleSoft partnership!
See Salt Security Blog: https://salt.security/blog/salt-security-mulesoft-supercharge-your-api-security-strategy