IT Security Guru

Giving API Security the spotlight

In conversation with Michelle McLean, VP of product marketing at Salt Security

by Guru Writer
July 13, 2022
in Featured, Features

IT Security Guru recently sat down with Michelle McLean, VP of product marketing at Salt Security, to learn more about API security as its own discipline and how it supports cyber resiliency in large enterprises on their digital transformation journeys. 

Michelle started her career working as a technology journalist for almost a decade and has since held marketing leadership roles in a variety of enterprise security and software companies, as well as an advisory role at META Group. She’s recognised that the majority of businesses today, even more so since the pandemic, are fuelled by applications, and that these are built on Application Programming Interfaces (APIs) for the transmission and retrieval of data. This, she says, has led attackers to get past the more traditional security defences that typically protect applications, like web application firewalls, and attack the APIs themselves.

“Those kinds of security devices see a single snapshot at a time and they look for known patterns of bad, so they can stop that known pattern of bad. But with APIs, bad actors attack differently,” she said. “They’re trying to figure out your API and they’re trying to look for a business logic gap. Maybe you ask for authentication at the beginning, but then in a later request you don’t ask for authentication, or you don’t ask for authorisation, and so the threat actor manipulates what they’re doing in the API call and they get data they shouldn’t have access to. Many well-known API attacks in the US such as those on Experian and Peloton were done via the API.”

Detecting attacks on APIs is therefore far more nuanced and requires deep context and richer information to remediate. This is an area where Salt Security stands out because its architecture is built on cloud-scale big data that provides the whole picture needed to correlate an attacker’s reconnaissance efforts and say, “we have a problem”.  

“Salt is focused on applying really rich information and context across the API life cycle to protect APIs. We do full discovery: what are the APIs that are running? What sensitive data do they expose? We baseline what constitutes “normal” and so bad traffic always stands out even if it’s a tiny, tiny percentage. But you need to find the manipulations, as well as the reconnaissance activity of the bad actors to be able to find it. That’s where Salt really shines – at finding those run-time attacks,” Michelle explained.

“We store data over days and weeks. API attacks unfold over a really long period of time, so if you only see a finite amount of data, you’re going to miss 95% of the attacks that happen in a given time period,” she continued. “You need to see way more data and have a very rich understanding of the whole picture. By knowing what a bad actor did an hour ago, a day ago, a week ago, along with being able to correlate it in real time is how you find these kinds of attacks.” 
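To make the look-back point concrete, here is an added example (not from the interview and not Salt Security's code) that runs the same detection rule over a constructed API access log with a one-hour window and a seven-day window. The log entries, the client names, the rule that a client's own objects carry its own ID, and the threshold of five are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: (timestamp, client, owner of requested object, HTTP status).
# Assumption: a client's own objects are owned by an ID equal to the client ID.
# "c-17" reads one foreign account every 8 hours; no single request looks unusual.
START = datetime(2022, 7, 1)
LOG = [(START + timedelta(hours=8 * i), "c-17", f"user-{100 + i}", 200) for i in range(12)]
LOG += [(START + timedelta(hours=3 * i), "c-02", "c-02", 200) for i in range(30)]
LOG += [(START + timedelta(days=2), "c-02", "user-555", 403)]  # one denied stray request


def foreign_objects(log, window, now):
    """Per client, the distinct objects owned by someone else that were
    successfully returned inside the look-back window."""
    seen = defaultdict(set)
    for ts, client, owner, status in log:
        if now - window <= ts <= now and owner != client and status == 200:
            seen[client].add(owner)
    return seen


def flag_clients(log, window, now, threshold=5):
    """Clients whose count of distinct foreign objects reaches the threshold
    (threshold is a hypothetical tuning value)."""
    hits = foreign_objects(log, window, now)
    return sorted(c for c, objs in hits.items() if len(objs) >= threshold)


NOW = START + timedelta(days=4)

if __name__ == "__main__":
    # Short window: the slow enumeration never accumulates enough evidence.
    print("1-hour view:", flag_clients(LOG, timedelta(hours=1), NOW))
    # Long window: the same rule correlates the requests and flags the client.
    print("7-day view :", flag_clients(LOG, timedelta(days=7), NOW))
```

The denied request from "c-02" is ignored because only successful reads of foreign objects count, which keeps a single mistyped ID from flagging a legitimate client.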

Another focus area in security is “shift-left”, which describes the process of doing things better and more securely from the start in order to shorten the cyber kill chain. For Salt, this means helping customers write better APIs and making them more secure over time, something which is vital to large organisations in financial, retail, pharmaceutical and medical industries that process huge amounts of valuable data through APIs. 

As organisations continue to digitise at scale, Michelle encourages young people to join the cybersecurity industry, noting the well-known shortage of well-trained people.  

“I think it’s one of the most exciting and honestly one of the most inclusive and diverse communities in tech, which I find very promising. However, let’s have reasonable expectations around how we bring more people into the industry; rather than having a very high bar of university degree, and X number of experiences, bring people in and train them. We can absolutely do that.  

“There’s constant innovation. If you think about how bad actors keep evolving with their own creativity and how the industry in turn keeps evolving to keep up and stay ahead – I think the cycle of innovation is very exciting,” Michelle concluded. 
