Salt Security – Digital IT News
https://digitalitnews.com
IT news, trends and viewpoints for a digital world

Salt Security Launches Integration with Google Apigee API Management
https://digitalitnews.com/salt-security-launches-integration-with-google-apigee-api-management/
Wed, 25 Sep 2024 15:00:59 +0000

Salt Security announced its integration with Google Cloud’s Apigee API Management platform. This collaboration enables customers to identify all their APIs, including shadow and deprecated ones, enforce posture rules, detect non-compliance issues, and prevent API-based attacks at their source.

The security landscape is witnessing an unprecedented reliance on APIs. Now more than ever, organizations need comprehensive API security mechanisms that proactively detect and prevent threats. Salt Security, a pioneer in API security, together with Apigee delivers comprehensive API security that combines Salt’s AI-powered API discovery and runtime protection with the robust Apigee API gateway and traffic management capabilities.

Proactive Threat Prevention and Detection:

  • Salt uses AI and ML to detect anomalies and potential attacks, identifying and blocking malicious API calls in real time.
  • Apigee adds policy enforcement and AI-powered monitoring, further strengthening security by ensuring compliance and identifying common threats.

Enhanced Visibility and Control:

  • The Salt platform automatically discovers all APIs, including shadow and deprecated ones, providing comprehensive visibility.
  • Apigee acts as a single entry point, managing traffic and protecting APIs from abuse and ensuring fair usage.

Improved Incident Response:

  • Salt provides detailed forensic analysis of API attacks, helping organizations understand attack vectors and improve their security posture.
  • Apigee’s detailed analytics and monitoring capabilities allow organizations to gain insights into API usage patterns, performance metrics, and potential security threats.

This combined solution provides end-to-end API security, from discovery and threat detection to prevention and incident response, safeguarding sensitive data and ensuring the integrity of digital services in today’s dynamic threat landscape. Leveraging Apigee’s security, scalability, and reliability, the combined solution facilitates a more secure environment for API deployment and management.

“In today’s digital age, APIs are the backbone of modern applications. Protecting these critical assets is paramount,” said Roey Eliyahu, CEO of Salt Security. “Our integration with Google Cloud’s Apigee API Management platform seamlessly blends together each of our individualized expertise in API security into one powerful solution. Our collaborative approach is built on a foundation of security, scalability, and reliability, ensuring that businesses can confidently embrace the power of their APIs.”

The powerful synergy between Salt Security and Apigee creates a comprehensive API security solution. Salt Security’s threat detection expertise complements Apigee’s policy enforcement and traffic management, resulting in a robust and secure approach. Automated API discovery and efficient traffic management streamline operations, while detailed forensic analysis and analytics enable faster incident response. Salt’s API Posture Governance engine treats APIs as IT assets, facilitating comprehensive risk management and proactive security. This ensures the API landscape aligns with the organization’s overall posture governance strategies, enabling customers to prioritize remediation efforts and optimize the security of their most valuable resources.

To learn more about the Salt Security integration with Google Cloud’s Apigee API Protection Platform or to request a demo, please visit the website here.

Salt Security API Protection Platform Enhancements Launched
https://digitalitnews.com/salt-security-api-protection-platform-enhancements-launched/
Mon, 12 Aug 2024 14:30:53 +0000

Salt Security announced new enhancements to its API Protection Platform, improving API discovery, posture governance, and threat protection for organizations. These innovations enable proactive API posture management, provide unparalleled visibility into both encrypted and unencrypted API traffic, and help outsmart sophisticated attackers with rapid, AI-driven insights.

According to the Salt Labs State of API Security Report 2024, API security incidents more than doubled within the past 12 months. The research also found that API usage is rapidly accelerating, with two-thirds now managing over 100 APIs every day. Organizations continue to struggle to keep pace with the threats associated with expanding API ecosystems, along with trying to accurately comprehend their complex behavioral attributes.

Earlier this year, Salt became the first API security vendor to launch a posture governance engine, designed to deliver operationalized API governance and threat detection across organizations at scale. These innovative capabilities marked a revolutionary change for API security, enabling organizations to establish, educate and enforce API posture standards throughout the application and API lifecycle. Building on such innovation, Salt has further enhanced its capabilities in the posture governance domain and today introduces several new advanced features that are redefining next-generation application security. This includes the launch of:

  • Panoramic Discovery with eBPF and Salt Surface: This extends governance visibility by improving the discovery of API traffic, vulnerabilities, and sensitive data, even in encrypted and complex environments.
  • Salt Posture Governance Policy Hub: This allows organizations to establish and enforce API posture standards across the application lifecycle. It ensures that next-generation apps and GenAI initiatives comply with the best security practices.
  • Full Lifecycle Posture Governance: Salt Security has updated its platform to help organizations extend API posture governance “left.” The platform now enables organizations to more easily capture security posture noncompliance and establish posture validation gates beyond production into an API’s design and test phases. This is achieved through new ecosystem enrichments, integrations, and enhanced in-platform posture validation functionality. This comprehensive approach ensures that Salt’s Posture Governance Engine empowers risk reduction at all stages of an API’s lifecycle.
  • LLM-Powered Attacker Insights for Rapid Response: Salt uses its custom-built Large Language Model (LLM) to translate complex attack patterns into clear, concise, actionable insights. This enables security teams to quickly understand the attacker’s identity, tactics, and intent, thus speeding up incident response and remediation efforts significantly.
  • Novel Detection of Malicious Scanners, Bots, and Human Attackers: Salt Security employs innovative detection methods to differentiate traffic abnormalities originating from automated scanners, bots, and human attackers, accurately identifying whether traffic from these sources is malicious. This capability provides a comprehensive understanding of attack motivations, enabling security teams to prioritize and mitigate the most significant threats.

“Growing API ecosystems are making it increasingly challenging for companies to effectively monitor and track all activity within their API ecosystems, and quickly identify malicious intent,” said Roey Eliyahu, CEO of Salt Security. “At Salt, our mission is to provide organizations with the most comprehensive API security. An offering that not only provides rapid threat detection but also provides organizations with the means to proactively improve their posture to plug security gaps before they can be exploited. Our latest platform innovations build on this, providing customers with additional visibility into their API traffic and the AI-powered insights required to quickly mitigate threats.”

To learn more about the Salt Security API Protection Platform or to request a demo, please visit the website here.

OAuth Implementations Security Flaws Remedied with Salt Security
https://digitalitnews.com/oauth-implementations-security-flaws-remedied-with-salt-security/
Thu, 25 Apr 2024 14:00:24 +0000

Salt Security has introduced its latest multi-layered OAuth protection package, designed to identify and proactively resolve attempts to exploit OAuth and address vulnerabilities. Enhancing its API protection platform, Salt now offers a comprehensive suite of new OAuth threat detections and posture rules to tackle the increasing challenge of OAuth exploitation. The company is the first API security vendor to launch deep OAuth threat detection capabilities, and these innovations will empower organizations to identify and mitigate malicious attempts to exploit OAuth flows, ultimately safeguarding sensitive data and user accounts.

Today, OAuth is an important part of modern authorization frameworks, granting access to resources across different applications easily. However, vulnerabilities in OAuth implementations can create significant security risks. By implementing strong OAuth security controls, organizations can safeguard their users’ data, prevent unauthorized access to critical resources, and maintain user trust.

Salt Security’s recent investigation exposed several critical security flaws within the OAuth implementations of popular ChatGPT plugins. ChatGPT plugins enable ChatGPT to interact with the outside world and third-party services such as Google Drive, GitHub, email, and more. Beyond this most recent example of OAuth threats with ChatGPT, the Salt Labs team found several other OAuth-specific exploitable vulnerabilities within Booking.com, Grammarly, Vidio.com, and Expo/CodeCademy, indicating the critical need for tools to help find and mitigate these types of risks before attackers can take advantage. These real-world examples underscore the importance of robust security measures to thwart sophisticated OAuth attack tactics before they can inflict significant damage.

With these new capabilities, the Salt platform will address:

  • Access Token and Authorization Code Theft: Vulnerabilities in OAuth systems can leave access tokens or authorization codes susceptible to theft. Attackers can leverage those stolen elements to impersonate legitimate users and gain unauthorized access to sensitive resources and applications.
  • Increasing OAuth Attacks: OAuth has been in widespread use for over a decade but we have seen attacks on the rise. This is caused by organizations’ increased usage of APIs and microservices making OAuth even more popular while increasing the complexity of securing it. Attackers have taken advantage of this by crafting specific OAuth-based attacks with continuing attempts to find additional OAuth vulnerabilities to exploit.

Salt Security’s OAuth Protection Package provides robust OAuth defenses that help organizations achieve several critical security objectives. With these enhancements, customer accounts, intellectual property and authorization tokens will be shielded from malicious actors who are tirelessly at work attempting to exploit vulnerabilities in OAuth implementations.

In fact, within just five days of the OAuth protection package being deployed for Salt customers, it detected an OAuth vulnerability within a large financial institution. With the information on the detection, the customer was able to rapidly fix the vulnerability, preventing it from being exploited by threat actors.

“Organizations that demonstrate a commitment to robust security practices foster user confidence and enhance brand reputation, leading to stronger customer relationships and a competitive edge in the marketplace,” said Yaniv Balmas, Vice President of Research, Salt Security. “With the rise in OAuth specific vulnerabilities, it is vital for organizations to incorporate robust security measures to thwart sophisticated OAuth attack tactics before they can inflict significant damage. By implementing strong OAuth security controls, organizations can safeguard their users’ data, prevent unauthorized access to critical resources, and maintain user trust.”

Salt Security’s unwavering commitment to research and development ensures that its solutions remain effective against emerging OAuth attack techniques. Salt’s proactive approach keeps businesses a step ahead of evolving threats, allowing them to operate with greater confidence and agility.

To learn more about critical security flaws within the OAuth implementations and how Salt Security’s protection package can empower organizations or to request a demo, visit the website here.

Pepper, First AI-Powered Knowledge-Based Assistant Launched by Salt Security
https://digitalitnews.com/pepper-first-ai-powered-knowledge-based-assistant-launched-by-salt-security/
Wed, 03 Apr 2024 18:00:05 +0000

Salt Security introduced Pepper, an in-product assistant featuring an AI-powered knowledge base. This marks Salt’s embrace of artificial intelligence, facilitating easier utilization of the company’s signature API protection platform for customers and prompt resolution of queries. Pepper stands out as the first of its kind to provide such capabilities to API security customers.

Pepper can be used as customers’ all-knowing personal assistant for both API security and the Salt platform. Customers will have the ability to ask Pepper any question in natural language, and it will utilize intelligent generative AI to craft a personalized, pinpointed answer to a query. The knowledge-based assistant will provide clear and concise responses to users’ questions, streamlining security efforts. In addition, Pepper will point users to relevant articles, documents, and resources instantly, saving hours in manual search time. With access to these functions, security teams will no longer struggle with information overload. Pepper has also been incorporated directly into the Salt dashboard, allowing users to find resources and launch in-product walk-throughs easily.

Launching the AI-powered knowledge-base search will lower query resolution timelines dramatically compared to historic manual searches. The Salt Security team has recorded significant efficiency gains when utilizing the new assistant. Customers can experience up to a 91% decrease in the time it takes to find actionable data and outputs that resolve queries.

“Going to a vendor’s knowledge-base is often the first place practitioners go to get their product deployed or troubleshoot issues,” said Eric Schwake, Director of Cybersecurity Strategy, Salt Security. “Even with advanced search tools, historically, knowledge-based tools have struggled to find relevant content quickly, and navigating such technology can be frustrating. At Salt Security, not only do we want to make our customers’ job of securing their APIs easier, but we also want to streamline access to the guidance they require, in a friendlier and more efficient way. Pepper was designed with this in mind and we are thrilled to announce its availability to customers.”

Some key benefits of having an AI assistant like Pepper:

  • Time Saving: Instead of spending hours searching, customers are served a personally crafted answer pinpointed to their question.
  • Boost in Productivity: Focused answers for the task at hand help customers pinpoint what they are looking to achieve, quickly.
  • Increased knowledge access: Ability to access the knowledge you need without having to wade through tedious articles and searches.
  • Make informed decisions: Receive quick and accurate answers to help customers make confident choices.

Salt Security continues to embrace the power of AI/ML, beyond its patent, to help customers best utilize the investment they have made with the company. The AI-powered knowledge base will make Salt Platform operators more efficient in their day-to-day work.

To learn more about Salt Security and its AI-powered assistant, Pepper, or to request a demo, please visit the website here.

Salt Security Discovers Flaws within ChatGPT Plugins
https://digitalitnews.com/salt-security-discovers-flaws-within-chatgpt-plugins/
Wed, 13 Mar 2024 14:00:03 +0000

Salt Security published new threat research from Salt Labs, pinpointing significant security vulnerabilities present in ChatGPT plugins, underscoring a new threat for enterprises. These plugins grant AI chatbots such as ChatGPT access and privileges to execute tasks on behalf of users within third-party websites, for instance pushing code to GitHub repositories or retrieving data from an organization’s Google Drive. These security vulnerabilities introduce a fresh avenue for attacks, potentially allowing malicious actors to:

  • Gain control of an organization’s account on third-party websites
  • Access Personally Identifiable Information (PII) and other sensitive user data stored within third-party applications

ChatGPT plugins extend the model’s abilities, allowing the chatbot to interact with external services. The integration of these third-party plugins significantly enhances ChatGPT’s applicability across various domains, from software development and data management to educational and business environments. When organizations leverage such plugins, they give ChatGPT permission to send the organization’s sensitive data to a third-party website and to access private external accounts. Notably, in November 2023, ChatGPT introduced a new feature, GPTs, a concept similar to plugins. GPTs are custom versions of ChatGPT that any developer can publish, and they contain an option called “Action” which connects them with the outside world. GPTs pose security risks similar to those of plugins.

The Salt Labs team uncovered three different types of vulnerabilities within ChatGPT plugins.

The first was noted within ChatGPT itself, in the process users follow to install new plugins. During this process, ChatGPT redirects a user to the plugin website to receive a code to be approved by that individual. When ChatGPT receives the approved code from a user, it automatically installs the plugin and can interact with that plugin on behalf of the user. Salt Labs researchers discovered that an attacker could exploit this function to instead deliver users a code approval with a new malicious plugin, enabling an attacker to automatically install their credentials on a victim’s account. Any message that the user writes in ChatGPT may be forwarded to a plugin, meaning an attacker would have access to a host of proprietary information.

The second vulnerability was discovered within PluginLab (pluginlab.ai), a framework developers and companies use to develop plugins for ChatGPT. Salt Labs researchers found that, during installation, PluginLab did not properly authenticate user accounts, which would have allowed a prospective attacker to insert another user ID and get a code that represents the victim, leading to account takeover on the plugin. One of the affected plugins is “AskTheCode”, which integrates ChatGPT with GitHub, meaning that by utilizing the vulnerability, an attacker can gain access to a victim’s GitHub account.

The third and final vulnerability uncovered within several plugins was OAuth (Open Authorization) redirection manipulation. Similar to pluginlab.ai, it is an account takeover on the ChatGPT plugin itself. In this vulnerability, an attacker could send a link to the victim. Several plugins do not validate the URLs, which means that an attacker can insert a malicious URL and steal user credentials. Like the case with pluginlab.ai, an attacker would then have the credentials (code) of the victim, and can take over their account in the same way.

Upon discovering the vulnerabilities, Salt Labs’ researchers followed coordinated disclosure practices with OpenAI and third-party vendors, and all issues were remediated quickly, with no evidence that these flaws had been exploited in the wild.

“Generative AI tools like ChatGPT have rapidly captivated the attention of millions across the world, boasting the potential to drastically improve efficiencies within both business operations as well as daily human life,” said Yaniv Balmas, Vice President of Research, Salt Security. “As more organizations leverage this type of technology, attackers too are pivoting their efforts, finding ways to exploit these tools and subsequently gain access to sensitive data. Our recent vulnerability discoveries within ChatGPT illustrate the importance of protecting the plugins within such technology to ensure that attackers cannot access critical business assets and execute account takeovers.”

According to the Salt Security State of API Security Report, Q1 2023, there was a 400% increase in unique attackers targeting Salt customers. The Salt Security API Protection Platform enables companies to identify risks and vulnerabilities in APIs before they are exploited by attackers, including those listed in the OWASP API Security Top 10. The platform protects APIs across their full lifecycle – build, deploy and runtime phases – utilizing cloud-scale big data combined with AI and ML to baseline millions of users and APIs. By delivering context-based insights across the entire API lifecycle, Salt enables users to detect the reconnaissance activity of bad actors and block them before they can reach their objective.

The full report, including how Salt Labs conducted this research highlighting critical security flaws within ChatGPT plugins and steps for mitigation, is available here.
