 Hi, this is Yoastapil Bhartiya and welcome to TFR newsroom and today we have with us once again Uri Bach Executive Vice President of Product at Salt Security, Uri. It's great to have you back on the show. Great, great being back Thank you. And today we are going to talk about Salt Security's integration with CrowdStrike Before we of course deep dive into this partnership or you know integration Let's quickly talk about Salt Security from modern world The kind of challenges it's facing when it comes to security and what role is Salt playing there and then we'll see the rule of CrowdStrike. So Salt Security Is really all about helping people that develop software enjoy the huge benefit of Modern frameworks such as API first micro services Without taking additional risk. So we want them to develop quickly We want them to be efficient. We want them to be able to provide value to their customers And our job is to make sure that they do not expose themselves to any security risk as they're doing that And there's definitely a lot of activity and interest by Fred actors in API is a way to To steal data as a way to cause damage So there's a lot I think today Awareness that this is another aspect of risk That needs to be carefully managed when it comes to partnership with the crowd is strike This is not the first time can you just quickly give us a kind of you know an overview of you really existing Relationship and then we'll talk about extension or expansion expansion of this partnership We've had a long-standing relationship with CrowdStrike obviously an innovative leader within the security space At some point that relationship actually evolved into them investing in Salt Security And for us, it's a it's an amazing validation That an emerging company Of our size is able to garner the interest and have the the faith of a significant player Probably the significant player in the security market with CrowdStrike And that relationship helped us increase our reach be able to reach a wider customer base Expand our own visibility into the bigger security for at landscape And really what we've done recently is take that relationship to the next level By helping operationalize API security with closer integration with CrowdStrike. So we at Salt Security I believe do a good job of telling you here are specific threats that you should care about from an API perspective Here's how threat actors are targeting you here's how you need to strengthen your defenses Here's how you need to respond to certain things However, as you as you know probably better than anyone it's a team sport, right? Nobody's looking to have a security tool. They're having they're looking to have a security program and you're looking for Security tools to work for them within their environment They're not looking for those things to be stand alone. And really what we've done with with CrowdStrike is once we're able to identify Accurate telemetry. Hey, here's some threat activity here are some threat actors that are actually targeting you We feed that into the CrowdStrike ecosystem and that really unlocks Amazing capability in order to be able to respond to it and that attack may also have other aspects that are not API specific Which CrowdStrike doesn't have visibility into and we've really gotten feedback from customers This has really increased the operational value our ability to respond things It's made our teams very comfortable with the technology because we're already comfortable CrowdStrike And we know how that we have playbooks and we know how to operate within the CrowdStrike ecosystem And having salt telemetry as part of that Is just something that's a lot. It's very valuable from an operational perspective Can you also talk about we discussed this in our last interview as well? Emerging threats that you are seeing there. We've actually Have recently published. I believe since we last talked some Really interesting research where salt labs. That's the research Arm of salt security was able to identify a new attack vector that allows Fred actors to take over accounts using oaf specifically social logins and For me that was interesting not just because of the technicality of it Just because of the company's being impacted. So if you read our research Some of the largest enterprise in the world Actually implemented their authentication in a way that would make them vulnerable to this problem So it's not a theoretical problem It's a real problem and it's a real problem of very large companies very secure work companies It was very interesting for us just because API is an emerging space Even mature security shops don't always have the right types of protections and controls in place in order to Prevent Fred actors from coming in and Fred actors are aware of that So of course they would go in and do and then try to target areas that are less mature from a security perspective and when we talk about API security, I also want to talk about one of the hottest or at least the most talked about technology these days Which is genetic AI and that is going to be all API driven Talk about let's talk about Genetic I also at the same time a lot of organizations a lot of companies security companies They have started to leverage entity AI in their products also of course it still needs human intervention But let's look at Genetic I from both perspective As a protecting genetic AI and using genetic AI to protect first of all We are heavily invested in different AI technologies and we look at it from three different aspects. First of all, can it make Our detection capabilities are learning capabilities better and it can we're seeing significant Opportunities to actually be more accurate in detecting Fred activity In identifying legitimate activity. So that's one aspect for us is not new We've actually been leveraging this technology for a while The second and this is really interesting We are seeing a significant increase in the number of new API's being released And when we talk to our customer say, hey, how come you move from releasing free for new API's functionality's value for your customers In a month to two to twenty a hundred our developer using AI. So it's a lot easier today to develop Applications and specifically API. So we're actually seeing this technology being operationalized at customers, which is actually causing Giving them value of course more API's but it's also a security challenge, right? So you're moving from like having three new types of attack surfaces that you need to monitor in a month to having 20 60 a hundred And the third thing that we're seeing is there is specific interest in understanding API traffic that is either going out to AI applications Specifically what sensitive data goes out to those applications is it authorized, right? And also how AI is being leveraged within those Within the internal APIs of an enterprise it is a risk. It is a risk that security organizations are now trying to get a handle on so we are really seeing that be top of mind and really where it comes to Where we see that the huge impact of this technology It's actually helping our customers accelerate what they do and it's driving us to also be faster what we do, right? So we need to be faster in terms of identifying New attack vectors that are created by this technology being able to manage it being able to teach the AI Hey, this is how you build safer code, right? Which which is something that has an exercise that is actually easy to do because AI is a learning algorithm It's kind of a tricky question because we do live in a API driven or API centric world So when we look at modern kind of society or economy, it's all about APIs How much I mean we have done this in New reports, you know that you know organization not even prepared how prepared do you see organizations are today to deal with? you know API risk and how Mature their API security posture is so first of all like in all things there are you know different There are variations. We do see some shops that are very mature That really have got a handle on it But to be honest the majority of people that we talked to have spent a lot of time and energy in digital transformation They've moved to an API First architecture and accelerated their ability to deliver value to their customers and then there's oh We also need to handle security and they are sometimes that the question we get asked Can you tell me which API's I have because that would be the first thing that I need to know which is not? Certainly very mature. Can you help us write a policy, right? What should be the security policy that relates to API's? And then can you help us identify some high-level gaps? Like one of the basic things we're just on a call today and the customer is asking It's like if we do one thing and we are we have we have a very limited capacity What is that you saw would recommend that we do out of all of the insights that your platform can provide and really what we said Hey, let's start with the fact that sensitive data, which could be PII or PCI or back accounts or whatever it is Must be authenticated. So our system actually flagged the fact that you have that that is very easy target for attackers, right unauthenticated API endpoints with data that they can steal so please so we recommend that you take care of that Then I think and I think not everybody's there. It's like, okay. Now, let's operationalize Really Fred detection and response, right? So if if you're actually if you're being targeted, there is an attack You need to be aware of that attack You need to understand the attack and you need to to respond to the attacks But the short answer is and it is changing but the level of maturity Is still relatively low with many of the customers that we talked to when it comes to maturity Does it have to do with either the size of the company a scale of the company or the age of the company that newer companies? May but then there are a lot of companies who are born in the cloud native era They might be aware of this and then there may be a lot of companies who are still you may have a this is a mature come the meters Do you see any correlation when it comes to how mature their security posture is with the size and scale? Yeah, great question. We see two things that would drive a customer to be more mature and the first And we do live in an API driven economy if it is Company that was formed later years and in general built its business on API Usually they would be more mature because they're dealing with this problem for five years seven years now a lot of the companies that built their technology before and are just now completing the digital transformation to help take the critical application the one to have the most revenue I'm not talking about some outliers that suddenly becomes a business critical mission to secure APIs and those are less mature ones because When frankly just like everything right if you spend eight years doing something you're probably going to do it better Then if this is your first year the second thing that would drive maturity and that's unfortunate is an attack So we see Companies that we may have talked to a story thing was saying hey, it's not a big focus for us We're not where we haven't really mapped out that attack vector and then we get called in a Few months later and suddenly becomes a huge focus and we're seeing a lot of we're seeing a lot of expertise Being built. We're seeing the program really scale up and we're asking why and it said because we had an incident We felt the pain and now We're bringing in outside talent bringing consultants. We're putting in the right tooling and they become sure very fast So I think it's really those it's either like the preemptive business driver. You identify. Hey, this is a business critical thing for me I'm gonna spend time that takes time or you actually feel the pain and there have been some high Some high-profile attacks out there. Some of them have had the news that of course forces Any organization to drastically mature what they're doing for this specific space at one time? We also felt that cyber warfare will become a reality and you know companies started to prepare against that How right now we are going through two messy wars, you know in Europe How do you see? Cyber security or cyber warfare playing out there. We have seen an increase in attacks against First of all the war Ukraine happened. We've seen an increase in in attacks The conflict here in the Middle East has happened we've seen an increase in attacks we've actually Even for me personally I try to access a website of one of the banking services They use it was just offline just said sorry we are we have been taken offline. We're under attack We're definitely saying that we're seeing an increase in the level of sophistication and intensity of the of those attacks and We are seeing cyber security become An essential part of critical infrastructure right so when when we're in Israel where I live in is really looking at How do we secure ourselves? It's not just the physical borders It's also how do we make sure that our critical infrastructure all of it is software all of it is API driven by the way, right? electricity Mobile phones all of that is the underlying infrastructures API. How do we make sure that that is able to survive? To survive an attack, and I think it's again. It's an evolving It's an evolving situation where there's both increase in the sophistication and Involving with the attacks but also in the maturity of the defenders and our ability to Put effective controls and then really where you want to be is not necessarily have an attack and respond to it You want to reduce the attack surface you want to become an unattractive target. You want to make it hard for the bad guys To act against you and we're definitely saying some progress, but to be honest There's a there's a way to go how sophisticated these API attacks are becoming and also are you? Looking like I talked to a lot of security folks and they talk about things like ransomware attacks Which are you know totally different? But are you seeing you know where it's less about attacking and taking things down? But it's also holding them hostage. I mean if you look at hospital, it's less about giving my data back They are more worried about hey, don't release it again a great question. And we're seeing two types of Fred actors the ones that are economically motivated For the most part or just trying to find the very simple vulnerability You're just scanning for something that's unauthenticated as what's called a zombie or rogue API point something that somebody developed Just forgot about and they're very opportunistic, right? So they would really go target by target if they get a We see the reconnaissance activity There's actually something that you can see how they're trying to map out and test different things And they would just go after what they would consider to be a soft target And it's not incredibly sophisticated and it's also not incredibly hard to put controls in place Not to be affected by those things. It's really about just not making yourself an attractive target for them block reconnaissance attempts Show yourself as a hardened target and they would move on Targeted attackers and we're also seeing those things have really increased their sophistication They're doing business logic attacks meaning that they're not just looking for an inherent vulnerability within the code Which is something you can ultimately detect and block they're trying to find flaws within how Your applications are built and your APIs are built in order to manipulate them in order to gain some benefit financial benefits cross-damage Steel data, whatever it is and we are seeing a huge amount of sophistication being put into that They're really mapping those applications. They're understanding their business logic and And they're giving you know, it's a real challenge to understand those attacks it's a real challenge to effectively respond to those attacks and Definitely, there's been a higher level of sophistication. I would say really in the past two years We've seen them up their game and also employ a lot more automation and AI As part of that, right? So it's like there's a phishing email involved I would you can even see that that seems to be something that's like really tailored to the person and that's probably AI driven And we're really seeing them use a lot of Sophisticated automation that allows them to scale out those attacks. We are at the end of 2023 almost as November and you know If you look back at this year and then if you look at 2024 from operational security perspective Do you feel that you know, we are moving in the right direction where in 2023 we did not see that many attacks and 2024 the things will get better or you're like, no we still have some concerns So look, I think and maybe I'm not the right person to talk about it, but the bigger war against cybercrime I would need to say that ultimately Kind of look at the bottom line. We're not doing great job There's the cyber crime economy is very successful. That's growing each one of those conflicts actually froze more people That may have certain technical skills into that loop. I would say this protecting legacy applications Is extremely hard and it is really a challenge to put controls in place or to identify some of those attacks and Respond to them. I think the upside of an API Architecture and an API first approach. It is actually easier to secure that environment because it is easier to To update and make sure that you have the right the right software. That's not vulnerable. It's easier to monitor them It's easier for engineering to identify specific areas that need to improve So actually for a modern for a company that's moved to a modern architecture and has a program in place, I would say that The pain that they're experiencing is actually lower and I do I do definitely see that they're making progress and are able to see less attacks or Drastically reduce the impact of an attack right an attack an attempt of an attack within itself is not is not where you have the impact The impact is if they're successful So yeah, I'm definitely seeing some improvement and I think it has to do with better Security technology but also better technology in general, right? A lot of our problems are the legacies, right? A lot of the legacy operating system the legacy code That is really where it's very hard to to make an impact. Let's just wrap this up from the lens of this partnership crowd strike and salt and The challenges that you talked about how this partnership is going to kind of ease some of the pains of security teams or developer teams I think we're this partnership really Help security teams a lot of them are really looking to standardize on a certain stack of technology They're looking to operationalize that technology and having a tight integration within the crowd strike ecosystem Really makes it easier for people to consume it right so say I've already built this whole Operation around crowd strike and now I can feed in an additional telemetry that sheds a light specifically on Friends that have to do with my API's that's shorter time to value. It's easier to consume It's low effort and it's also better risk management because it gives me like the big picture right not just the API But also some other aspects and I think really it's about the shortening time to operational success for us Excellent Ori. Thank you so much for taking time out today and talk about, you know, the changing API security line escape the partnership and as usual, I would love to chat with you again soon and also stay safe Thank you. Thank you. Bye. Bye. Always a pleasure