API protection platform Salt Security raises $140M

Salt Security, an API vulnerability and protection platform used by companies such as Equinix and Telefónica, has raised $140 million in a series D round of funding.

The raise comes as the burgeoning API economy continues apace, with companies across the industrial spectrum embracing APIs (application programming interfaces) as part their digital transformation endeavors.

APIs, in a nutshell, help companies build products and services more quickly through leveraging domain-specific expertise rather than having to build every single feature in their application from scratch. APIs bring login authentication to banking apps and maps to fitness apps, and are powering the broader shift from monolithic software to the cloud and microservices-based applications constructed from smaller, function-based components.

There’s an API for that

However, APIs — as with all endpoints — serve as potential conduits for nefarious cyber deeds. Countless API vulnerabilities have emerged through the years, including from well-resourced tech companies such as Facebook.

Salt Security recently reported that API traffic across its customer base grew 141% in a six-month period last year, with malicious traffic increasing by 348%. It’s worth noting that these customers had API gateways and WAFs (web application firewalls) in place, meaning that bad actors were finding ways to infiltrate traditional security measures.

One of the obstacles to detecting API vulnerabilities is that companies might not always know where all their APIs are. Salt Security’s primary purpose is to first discover and inventorize APIs in a company’s stack, including so-called “zombie” APIs that may still be active despite having been presumed disabled.

On top of this, Salt Security enables companies to prevent sensitive data exposure by surfacing the APIs that channel personally identifiable information (PII); uses big data and AI to analyze traffic and spot unusual activities; and prevents account takeover through identifying patterns such as excessive logins or manipulation of user IDs.

Salt Security touts strong growth over the past year, claiming a 500% growth in revenue; 300% growth in customer count; and 250% growth in employees.

“APIs provide the foundation for innovation in today’s economy,” Salt Security CEO and cofounder Roey Eliyahu said in a statement. “Our vision for Salt Security has always been to make it safer and easier for companies to innovate by securing APIs in the face of a growing and dynamic attack surface.”

Founded out of Palo Alto, California, in 2016, Salt Security had previously raised around $131 million, including a $70 million tranche last year. For its series D round, the company attracted Alphabet’s CapitalG growth fund as lead investor, with participation from existing investors including Sequoia Capital, bringing its valuation to $1.4 billion.