Skip to main content
https://www.highperformancecpmgate.com/rgeesizw1?key=a9d7b2ab045c91688419e8e18a006621

Salt Security lands $70M for tech to protect APIs from malicious abuse

APIs make the world go round in tech, but that also makes them a very key target for bad actors: as doorways into huge data troves and services, malicious hackers spent a lot of time looking for ways to pick their locks or just force them open when they’re closed, in order to access that information. And a lot of recent security breaches stemming from API vulnerabilities (see here, here, and here for just a few) show just how real and current the problem is.

Today, a company that’s building a network of services to help those using and producing APIs to identify and eradicate those risks is announcing a round of funding to meet a growing demand for its services. Salt Security, which provides AI-based technology to identify issues and stop attacks across the whole of your API library, has closed $70 million in funding, money that it will be using both to meet current demand but also continue building out its technology for a wider set of services and use cases for API management.

The funding is being led by Advent International, by way of Advent Tech, with Alkeon Capital, DFJ Growth and previous backers Sequoia Capital, Tenaya Capital, S Capital VC, and Y Combinator all also participating.

Salt, founded in Israel and now active globally, is not disclosing valuation but I understand from a reliable source it that it is in the region of $600-700 million.

As with many of the funding rounds that seem to be getting announced these days, this one is coming on the heels of both another recent round, as well as strong growth. Salt has raised $131 million since 2016, but nearly all of that — $120 million, to be exact — has been raised in the last year.

Part of the reason for that is Salt’s performance: in the last 12 months, it’s seen revenue grow 400% — with customers including a range of Fortune 500 and other large businesses in the financial services, retail and SaaS sectors like Equinix, Finastra, TripActions, Armis, and DeinDeal; headcount grow 160%; and, perhaps most importantly, API traffic on its network grow 380%.

That growth in API traffic underscores the issue that Salt is tackling. Companies these days use a variety of APIs — some private, some public — in their tech stack as a way to interface with other businesses and run their services. APIs are a huge part of how the Internet and digital services operate, with Akamai estimating that as much as 83% of all IP traffic is API traffic.

The problem, Roey Eliyahu, CEO and co-founder of Salt Security told me, is that this usage has outpaced how well many manage those APIs.

“How APIs have evolved is very different to how developers used APIs years ago,” he said. “Before, there were very few, and you could say they were more manageable, and they contained less sensitive data, and there were very few changes and updates made to them,” he said. “Today with the pace of development, not only are they always getting updated, but you have thousands of them now touching crown jewels of the company.”

This has made them a prime target for malicious hackers. Eliyahu notes Gartner stats that predict that by 2022, APIs will make up the largest attack vector in cybercrime.

Salt’s approach starts with taking stock of a whole network and doing a kind of spring clean to find all the APIs that might be used or abused.

“Companies don’t know how many APIs they even have,” Eliyahu said, noting that there some 40%-80% of the APIs in existence for a typical company’s data are not even in active operation, lying there as “shadow APIs” for someone to pick up and misuse.

It then looks at what vulnerabilities might inadvertently be contained in this mix and makes suggestions for how to alter them to fix that. After this, it also monitors how they are used in order to stop attacks as they happen. The third of these also involves remediation “insights”, but carrying out the remediation is done by third parties at the moment, Eliyahu said. All of this is done through Salt’s automated, AI-based, flagship Salt Security API Protection Platform.

There are a number of competitors in the same space as Salt, including Ping, and newer players like Imvision and 42Crunch (which raised funding earlier this month), and the list is likely to grow as not just other API management companies get deeper into this huge space, but cyber security companies do, too.

“The rapid proliferation of APIs has dramatically altered the attack surface of applications, creating a major challenge for large enterprises since existing security mechanisms cannot protect against this new threat,” said Bryan Taylor, managing partner and head of Advent’s technology team, in a statement. “We continue to see API security incidents make the news headlines and cause significant reputational risk for companies. As we investigated the API security market, Salt stood out for its multi-year technical lead, significant customer traction and references, and talented team. We look forward to drawing on our deep experience in this sector to partner with Salt in this exciting new chapter.”

Comments

Popular posts from this blog

Uber co-founder Garrett Camp steps back from board director role

Uber co-founder Garrett Camp is relinquishing his role as a board director and switching to board observer — where he says he’ll focus on product strategy for the ride hailing giant. Camp made the announcement in a short Medium post in which he writes of his decade at Uber: “I’ve learned a lot, and realized that I’m most helpful when focused on product strategy & design, and this is where I’d like to focus going forward.” “I will continue to work with Dara [Khosrowshahi, Uber CEO] and the product and technology leadership teams to brainstorm new ideas, iterate on plans and designs, and continue to innovate at scale,” he adds. “We have a strong and diverse team in place, and I’m confident everyone will navigate well during these turbulent times.” The Canadian billionaire entrepreneur signs off by saying he’s looking forward to helping Uber “brainstorm the next big idea”. Camp hasn’t been short of ideas over his career in tech. He’s the co-founder of the web 2.0 recommendatio...

Drone crash near kids leads Swiss Post and Matternet to suspend autonomous deliveries

A serious crash by a delivery drone in Switzerland have grounded the fleet and put a partnership on ice. Within a stone’s throw of a school, the incident raised grim possibilities for the possibilities of catastrophic failure of payload-bearing autonomous aerial vehicles. The drones were operated by Matternet as part of a partnership with the Swiss Post (i.e. the postal service), which was using the craft to dispatch lab samples from one medical center for priority cases. As far as potential applications of drone delivery, it’s a home run — but twice now the craft have crashed, first with a soft landing and the second time a very hard one. The first incident, in January, was the result of a GPS hardware error; the drone entered a planned failback state and deployed its emergency parachute, falling slowly to the ground. Measures were taken to improve the GPS systems. The second failure in May, however, led to the drone attempting to deploy its parachute again, only to sever the line...

How the world’s largest cannabis dispensary avoids social media restrictions

Planet 13 is the world’s largest cannabis dispensary. Located in Las Vegas, blocks off the Strip, the facility is the size of a small Walmart. By design, it’s hard to miss. Planet 13 is upending the dispensary model. It’s big, loud and visitors are encouraged to photograph everything. As part of the cannabis industry, Planet 13 is heavily restricted on the type of content it can publish on Instagram, Facebook and other social media platforms. It’s not allowed to post pictures of buds or vapes on some sites. It can’t talk about pricing or product selection on others.   View this post on Instagram   A post shared by Morgan Celeste SF Blogger (@bayareabeautyblogger) on Jan 25, 2020 at 7:54pm PST Instead, Planet 13 encourages its thousands of visitors to take photos and videos. Starting with the entrance, the facility is full of surprises tailored for the ‘gram. As a business, Planet 13’s social media content is heavily restricted a...