TripActions Selects Salt Security to Protect the APIs Driving its Cloud-Based Corporate Travel Management Platform
July 2021 by Marc Jacob
Salt Security, announced that TripActions, the fastest-growing travel and spend management platform, has deployed the Salt Security API Protection Platform to secure the APIs that underlie its platform. The continuous discovery capabilities of the Salt platform have enabled TripActions to identify future API risks and exposed data. The platform has also delivered remediation insights into potential vulnerabilities that the company can use to improve its API security posture.
As a global leader in corporate travel and spend management, TripActions transitioned operations quickly with the onset of the COVID-19 pandemic to adjust to a quickly evolving travel industry. First the company ensured that it was able to help customers and their families return home quickly and safely. Then it augmented operations to encompass extensive safety services as well as enhanced enterprise features such as real-time analytics. Those changes drove a rapid expansion of its API footprint. The company also used the opportunity to launch its latest application, TripActions Liquid™, a new all-in-one travel and expense management solution. This platform launch formalized the company’s foray into the FinTech market, further increasing its reliance on APIs. Throughout these expansions, Salt Security enabled TripActions to ensure its APIs were secured across build and runtime and that the protection would scale with its platform’s growth.
“Last year brought a major shift in the needs of our customers, which inspired us to launch creative new services. With APIs as part of the very foundation of TripActions, platform expansion created a broader attack surface, along with the corresponding potential for risk and exposure,” said Tarik Ghbeish, product security engineer, TripActions. “Traditional tooling such as WAFs and gateways are not able to stop API attacks. Salt Security brings unique capabilities to find and stop API attacks. It also provides rich discovery of our APIs and exposed data – all at the comprehensive scale we need.”
The Salt Security API Protection Platform provides API-first companies with comprehensive coverage across all their APIs, offering the valuable analysis, context, and remediation insights needed to secure APIs against threats. Its patented artificial intelligence (AI) and big data engine is able to identify the early indicators of an attack, stop attackers from advancing, and turn attackers into penetration testers, providing valuable feedback used to identify and eliminate vulnerabilities so that sensitive data is not being exposed. The Salt platform has been particularly effective assisting TripActions in identifying and securing shadow APIs, detecting attackers, and gaining remediation insights to help improve API security posture on a continuous basis.
“TripActions’ innovative capabilities bring corporate travel, finance, billing, and expense management into a single platform. As the company has scaled its applications to meet the demands of the changing business landscape, its platforms – like with most companies driving digital innovation – become increasingly reliant on a quickly growing number of APIs,” said Roey Eliyahu, CEO and co-founder of Salt Security. “Many innovators are faced with this challenge of ever-growing API-connected ecosystems, which hackers are increasingly targeting as a lucrative treasure trove. Salt Security makes it possible to stop attackers in their tracks while remediating exposures and vulnerabilities that can emerge when developing application environments to eliminate blind spots and create sustained improvements in an organization’s security program.”