Salt Security Expands Partnership With CrowdStrike For API Security | Ori Bach

Guest: Ori Bach (LinkedIn)
Company: Salt Security (Twitter)
Show: Let’s Talk

Salt Security has a long-standing relationship with CrowdStrike, an innovative leader within the security space. It recently announced that it is integrating its Salt Security API Protection Platform with the CrowdStrike Falcon Platform, providing customers with a wider view of API security risks and unique insights into the application-layer attack surface.

In this episode of TFiR: Let’s Talk, Salt Security Executive Vice President of Product Ori Bach talks about the company’s expanded partnership with CrowdStrike and shares his insights on the ever-changing API security landscape.

On integrating with the CrowdStrike platform:

  • Salt Security identifies specific threats from an API perspective: how threat actors are targeting you, how you need to strengthen your defenses, how to respond to these attacks. Once Salt Security identifies accurate telemetry, it feeds that into the CrowdStrike ecosystem, which increases response capability, because that attack may have other aspects that are not API specific.
  • This helps security teams, because they are looking to standardize this stack of technology. It shortens the time to value. It’s easier to consume. It’s low effort. It’s better risk management because it provides the bigger picture, not just the API, but other security aspects. It increases operational value.

On the impact of AI technologies:

  • It makes detection and learning capabilities better. There are significant opportunities to be more accurate in detecting fraud activity and in identifying legitimate activity.
  • There is a significant increase in the number of new APIs being released because their customers’ developers are using AI. While this technology is being operationalized at customers’ sites, it’s also a security challenge. These are new types of attack surfaces that need to be monitored.
  • There is specific interest in understanding API traffic that is going out to AI applications, i.e., what sensitive data is going out to those applications and how AI is being leveraged within the internal APIs of an enterprise.
  • While it is helping customers accelerate what they do, it is driving Salt Security to become faster in terms of 1) identifying new attack vectors that are created by this technology, and 2) managing it and teaching it to build safer code, because AI is a learning algorithm.

On the API security posture of organizations today:

  • Some shops are very mature and have gotten a handle on it.
  • Some organizations that Salt Security has talked to have spent a lot of time and energy on digital transformation: they’ve moved to an API-first architecture and have accelerated their ability to deliver value to their customers.
  • There are those that are struggling with the basics: they don’t know what APIs they have, they need help writing a policy, they need help identifying high-level gaps, or they have very limited capacity and can only do one out of all of the insights that Salt Security can provide.
  • Short answer: the landscape is changing, but the level of maturity is still relatively low.

On what drives the API security maturity level of an organization:

  • Business drivers: A company identifies something as business critical, so it spends time on API security. A company that was formed in the last 5-7 years and, in general, built its business on APIs is usually more mature. Those that are just completing their digital transformation are less mature.
  • An attack: There have been some high-profile attacks out there and some of them have hit the news. This forces an organization to drastically mature what they’re doing for this specific space. They bring in outside talent, consultants, and the right tooling, and they become mature very fast.

On current cyberattack/cyber warfare trends:

  • Salt Labs, the research arm of Salt Security, identified a new attack vector that allows threat actors to take over accounts using social logins. Some of the largest enterprises in the world actually implemented their authentication in a way that would make them vulnerable to this problem.
  • There was an increase in attacks when the war in Ukraine happened.
  • There was an increase in attacks when the conflict in the Middle East happened.
  • There is an increase in the level of sophistication and the intensity of those attacks.
  • There is progress in the maturity of the defenders and their ability to put effective controls in place. Where you want to be is not to have an attack and respond to it; you want to reduce the attack surface and become an unattractive target.
  • The cybercrime economy is very successful.
  • Protecting legacy applications is extremely hard. It is really a challenge to put controls in place or to identify some of those attacks and respond to them. An API architecture and an API-first approach are actually easier to secure, update and monitor.

On the types of threat actors:

  • The ones that are economically motivated: just trying to find the very simple vulnerability, just scanning for zombie or rogue API points.
  • The very opportunistic ones who would go target by target. They try to map out and test different things and go after soft targets. And it’s not incredibly sophisticated.
  • Targeted attackers: they do business logic attacks, they find flaws in how your applications and APIs are built. There’s been a higher level of sophistication in the past 2 years. They employ a lot more AI and automation to scale out those attacks.

This summary was written by Camille Gregory.