Providing the industry’s only patented AI algorithms for API security, Salt now includes richer detection of user intent, analytics to evaluate API threat severity and rapid investigation enhancements that reduce time to resolution for API attacks. In addition, Salt has strengthened its API discovery process with more comprehensive endpoint mapping to support API discovery at scale.
Salt will showcase these new capabilities, as well as the rest of its award-winning API security platform, at the RSA Conference in San Francisco April 24-27.
Using rich insights gathered from more than five years in customers’ environments, the Salt API data cloud can quickly analyse all API traffic over days, weeks, and months to detect and combat the low-and-slow approach of API attacks. With the latest improvements to its patented AI algorithms, Salt now delivers:
• Enhancements to its core AI models – Salt has incorporated advanced models, including neural networks, into its patented API Context Engine (ACE) architecture to process more API data at faster rates. Salt has also incorporated insights from thousands of customer environments into the data sets it uses for the supervised learning portions of the algorithms. These enhancements to the ACE architecture underlie several new platform capabilities that span API attack detection and discovery.
• Improved user intent detection – Salt is tapping its AI model enhancements to more quickly and more accurately detect when an API user exhibits malicious intent. Since most anomalies are benign, platforms that simply provide anomaly detection flood SOC teams with alerts, reducing the platforms’ value. These enhanced insights that distinguish API changes from API attacks enable Salt to further reduce its false positive rate while ensuring accurate identification of true positives.
• New threat severity analytics – Salt taps the power of its cloud-scale data sets to analyse more than one million anomalous users every day, looking at their behaviours, over long periods of time, for indicators of malicious intent.
Since only 0.02% of traffic is malicious, Salt has been able to distil these signals from the noise and has augmented its attacker analysis to highlight different levels of severity for API attacks.
The new capability enables security teams to differentiate between high- and low-severity attacks, so they can focus their time and attention on the greatest threats. Tracking user activity over long rather than short periods of time is essential to surfacing today’s low-and-slow API attacks, which can take days and weeks to unfold.
• A new Rapid Investigation mode – Salt has long correlated attacks into a consolidated attacker timeline to help SOC teams streamline incident resolution. The new Rapid Investigation mode now identifies the most malicious attack events, highlighting them at the top of the attacker timeline.
The Salt ACE engine analyses the confidence of the Salt ML findings to identify these most critical malicious events. Given the significant rate of increase in API traffic and API attacks and the lack of commensurate growth in SOC teams, this new capability helps SOC teams keep up with the growing threat of API attacks.
The SOC teams can tap the intelligence of the Salt platform to better scale their operations by dramatically reducing the mean time to resolve (MTTR) API attacks despite not having deep knowledge of the APIs themselves.
• Advanced API discovery at scale – Salt’s improvements to its AI and ML models have also enhanced its API discovery process. The latest version of the Salt platform provides a more accurate mapping of API endpoints.
This kind of intelligent grouping makes it practical for large organisations to inventory and understand their APIs at scale. Less intelligent systems create an unusable catalogue in real-world operations, listing, for example, a separate iteration of an API for each dynamic component such as a user ID. Organisations need intelligent coalescence and deduplication for effective cataloguing at scale.
“As the pioneer in API security, Salt recognised early on that API attacks differ from other types of attacks,” said Roey Eliyahu, CEO, Salt Security. “To capture a BOLA attack in the wild, you must watch API behaviour over days, weeks – even months.
“A short analysis window means you’ll miss most in-the-wild API attacks and also limits your ability to determine user intent. With our AI-powered cloud-scale big data architecture and long analysis windows, we have unparalleled insights across trillions of API calls over time to capture attacker reconnaissance activity.
“By integrating those learnings into the supervised portions of our ML models, and delivering these new threat protection and discovery capabilities, we enhance the value we deliver to organisations to understand their API ecosystem and quickly and accurately identify and stop API attacks.”
According to the Q1 2023 State of API Security Report, nearly 80% of API attacks come from seemingly legitimate users who have maliciously obtained proper authentication.
To identify and defend against these types of attacks, organisations must monitor their APIs’ behaviours in production over time. The scale of the Salt customer base, the length of time the Salt AI algorithms have had for learning and the long analysis windows Salt offers provide the Salt platform with unique abilities in API discovery and inventory, attack detection and remediation insights gleaned at runtime.