Salt Reviews

The product has been instrumental in helping us resolve attacks and better understanding vulnerabilities. The responsiveness from Salt team is great.

Better root cause findings when issues are identified. However, the product is consistently getting better.

Helping determine API vulnerabilities and prevent attacks.

First of all, the entire Salt team is a pleasure to work with. They are always responsive and are always eager to assist. Secondly, the Salt Security is the creme de la creme of API security tools. It does so much, and is a valuable tool in assisting with keeping our APIs safe.

There is nothing that I dislike about this too.

Salt Security is solving the issue of API security. As our organization starts to utilize APIs a lot more, we realized that there was a gap in monitoring those APIs. Now that we have brought on Salt, we can rest easy that our APIs are being monitored and protected.

we have a centralized view of the APIs and we have alerts generated for events that are not common that could be attacks in our enviroment

Salt could generate some detailed reports and also have some link on OAS to show how to fix those appointments

The visibility of our APIs and alerting us when something different is happening in our enviroment

Facility on your use; integration with Splunk.

Needs some kind of programmatic configuration.

Centralized managed of ours API endpoints attacks.

Extensive hands on support to get the tool working and beyond. Simplicity of dashboards while giving lots of info.

Tagging is inconsistent through dashboards

Cloudflare WAF (even with API security) was severly lacking. Salt was the best solution we found to cover this security gap.

Salt has been very informative about our public API endpoint use. We are seeing data that we weren't previously aware of and it has helped shape priorities.

We would like to see specific data about which hosts are targeted as part of the alert in the UI and alerts to our webhook.

With Salt we have an awareness of API endpoint inventory and potential threats to those endpoints.

Identify traffic that deviates from observed patterns and PII not supposed to flow.

A report module is not available yet, but it's included in the product roadmap.

It provides us good real-time visibility of our API traffic patterns, triggering useful alerts that help us identify unusual patterns. It also identifies parameters not included in the API documentation and potential PII that may not be openly flowing.

Salt is easy to deploy and allows instant visibility into your APIs.

In a very specific use case, we've had issues reading the custom API info into Salt.

Discovery into all of our APIs and monitoring traffic to those APIs. Finding sensitive data as well as any attack patterns.

Attack traffic is probably the most consulted screen, however the security insights, sensitive information screens and endpoint autodiscovery are all also very useful

I would like to see API compositions and other calls chains (sequences of APIs calling each other) stitched together graphically so the exact specific call chain that each API call was part of is super clear.

Identifying potentially malicious traffic, tightening up the handling of sensitive information, detecting improper use of authentication and other security details.

A very lightweight solution that builds upon existing integrations, a responsive and open-minded support team, and an easy-to-navigate product. Salt isn't trying to solve every problem; they've found a niche and have focused on tightly sealing that gap.

The product is still relatively new and missing quite a few bells and whistles. The SIEM logging integrations are missing native action logging, and we've had difficulties getting APIs going through a gateway to report correctly as unique items. However, Salt is a great partner and has been working with us through our requirements to improve the functionality that we need.

We have not yet finished our implementation, but Salt will help us better secure our APIs without having to rely on heavy customization of some of the larger WAF-like products that are built to protect traditional applications.