Armis Taps Salt Security to Automate API Discovery and Enable API Security
April 2021 by Marc Jacob
Salt Security announced that Armis, the agentless device security platform, has deployed the Salt Security API Protection Platform to secure its growing number of APIs. Armis, which integrates with an increasing number of devices and systems to help its customers manage risk, experienced an exponential growth in APIs with the onset of the global pandemic.
“As our customers embraced remote work because of the pandemic, we needed to rapidly and dramatically increase the number of integrations supported by our platform, which exponentially multiplied our overall API count within just a few months,” said Curtis Simpson, CISO of Armis. “Until then, we documented and tested our APIs manually, but we could no longer keep up. The Salt platform automates it all for us – discovering the APIs, identifying which ones expose sensitive data, pinpointing poorly written APIs that create unnecessary risk, and capturing the remediation details our dev teams need to improve our API security posture. By taking care of all our API security, Salt allows our developers to keep building new integrations rapidly without putting us or our customers at risk.”
Armis’ experience echoes the digital transformation, cloud adoption, and microservices trends that are driving organizations of all types to run more APIs, with richer functionality than ever. Hackers understand this dynamic and are increasingly targeting APIs. As a result, organizations struggle to manage the increased security risk – manual API documentation processes can’t keep up, existing tools such as Web Application Firewalls (WAFs) and API gateways don’t protect against API attacks, and relying solely on “shift left” practices of writing more secure APIs are leaving companies vulnerable.
Armis selected Salt Security for its ability to provide immediate security for all running APIs, dynamically and continuously discover all new and changed APIs, and stop API hackers before they successfully complete an attack. The dynamic approach from Salt also helps Armis meet its compliance and Federal contracting needs.
Along with discovering all internal, external, and third-party APIs, the Salt Security API Protection Platform provides granular details about the APIs, such as all parameters and sensitive data the APIs expose. This information helps customers like Armis better understand their API attack surface and assess risk. For Armis, the continuous discovery capability enables the company to maintain an accurate inventory and complete documentation of its APIs, despite the fact that most of its APIs change weekly.
“Armis is like a lot of other companies that have seen their use of and reliance on APIs skyrocket since the onset of the COVID-19 pandemic. Old security constructs don’t help in this new API-driven world, and the lack of API visibility and protection constitutes significant business risk,” said Roey Eliyahu, CEO and co-founder of Salt Security. “It’s gratifying to help Armis, by ensuring its APIs are compliant and secure, deliver world-class IoT security to its own customers.”