Securing your innovation

The rich API context you need for robust discovery, attack prevention, and shift left.

Tegra provides complete API security through SALT Security

Tegra API Security section2

What sets SALT API Security apart?

Tegra API Security Section3 1


SALT Security is the only platform with the rich context needed to stop today’s sophisticated attacks.

Tegra API Security Section3 2


More Fortune Global 500 companies and disruptors are served by SALT than by any other provider.

Tegra API Security Section3 3


SALT Security has been on the market the longest, with the richest feature set and most mature platform.

Tegra API Security Section3 4


SALT Labs is the industry’s only security research team focused on API security.

tegra API Security section4 tegra API Security section4 Mobile

The SALT Security Labs mission

SALT Security Labs furthers the broader SALT Security mission of enabling innovation through APIs by educating the broader market on the latest API threats. Our research includes finding API vulnerabilities in the wild, documenting the tactics of threat actors, and helping organisations avoid or remediate the risk.

API security research is in our DNA – it’s how Roey and his team first identified the need for a new generational security platform, one that could identify and stop API attacks. SALT Labs’ research educates practitioners on API security incidents and the missteps to avoid, making it safer for the world to innovate with APIs.

tegra API Security section5

Why SALT API Security?

With SALT Security, Tegra provides context-based security for all your APIs

Only SALT Security delivers the context you need to protect your APIs across the build, deploy, and runtime phases. We combine complete coverage and an ML/AI-driven big data engine to provide that context – to show you all your APIs, stop attackers during the early stages of an attempted attack, and share insights to improve your API security posture.

Attacks have changed – and they are easy to miss

Bad actors now target business logic vulnerabilities in your APIs. But since your APIs are unique, it takes them days, weeks, or even months to probe and learn your APIs. They use “low and slow” techniques that WAFs, gateways, and other traditional tools can't detect, leaving you vulnerable.

One and done

Single API call - seconds to minutes Known attacks - SQLi, XSS, etc.

Tegra api security section6 1
Tegra api security section6 2

Low and slow

Sequence of API calls - days to week Business logic attacks - requires context

Tegra api security section6 3

“Advanced API security with strong attack prevention.
SALT Security worked well both in the cloud and on-premises.”

- Infrastructure and Operations (Gartner Peer Insights)

Tegra api security section8

Everyone says they do API security

Legacy and adjacent tools are trying to pivot

Vendors of all stripes are claiming to do API security in order to stay relevant, enter a hot space, or expand their reach. You've got the tough job of sorting through all the noise – you need to get clear on what API security really is and the architecture needed to do it right.

APIs are a top target

APIs are built expressly to share a company's most valuable data and services. That makes them a lucrative target for bad actors. We've already hit the tipping point – APIs are now THE way in.

salt security api protection platform

The SALT Security API Protection Platform

Rich context is required for effective API security

What sets SALT and Tegra apart is its ability to analyse your API traffic over days, weeks, and even months, applying cloud scale and mature algorithms to your API traffic. We see more than anyone else, so we stop more attacks than anyone else.

You get:

  • Better discovery – with smart aggregation of APIs vs. a long list of duplicated endpoints
  • Better runtime protection – with insights spanning months of API usage patterns to spot and stop more attacks attacks
  • Better shift left security – with pre-production API testing tailored to your APIs and runtime remediation insights insights

“Small but mighty, growing powerfully, it scales easily with you. Sped up our development velocity.”
- Enterprise Architect (Gartner Peer Insights)

The SALT API Security Platform

The SALT Security API Protection Platform keeps your modern applications' APIs safe. The platform collects API traffic from all of your applications and uses AI/ML and a cloud-scale big data engine to find all of your APIs and the data they expose, stop attacks, and get rid of API vulnerabilities by scanning and testing during the build phase and learning how to fix them during runtime.

Tegra API Security section11

Tegra, with the use of SALT Security, provides immediate value

Tegra api security section12
Tegra api security section13 1

Seamless deployment

No agents; no code changes; no configuration. Nothing is inline, so there is no application impact.

With more than 60 ways to get a copy of your API traffic, we fit all your API types – internal, external, and third-party – and all your formats, including REST, GraphQL, and SOAP.

Tegra api security section13 2

The only patent for blocking API attacks

Our patented API Context Engine (ACE) architecture baselines your environment and identifies anomalies. It looks for a pattern of suspicious activity and consolidates activities into a single attacker’s timeline, reducing false positives and eliminating 96% of alerts.

Tegra api security section14

SALT API Security: complete coverage, fuelled by rich context


Only Tegra, together with SALT Security, provides intelligent aggregation and consolidation of your API inventory.

  • Update inventory automatically and continuously
  • Highlight “shadow” (unknown) and “zombie” (outdated) APIs
  • Pinpoint APIs that expose sensitive data

Runtime protection

Only SALT Security and Tegra track users over days, weeks, and months to understand today’s drawn-out API attacks.

  • Tap cloud-scale big data to establish baseline users and APIs over time
  • Identify anomalies and distinguish mistakes from attacks
  • Block attackers, not attacks – either manually or automatically

Shift-left practises

Only the SALT Security and Tegra team uses what it learns from bad actors' small successes in runtime to figure out how to fix things.

  • Analyse OAS/Swagger files for vulnerabilities
  • Test APIs in pre-production, tuning attack simulations to the discovered APIs
  • Pinpoint APIs that expose sensitive data