← API SecuritySalt Security

StrongStrongStrongStrong

4.6

Vendors › API Security › Salt Security

Salt Security

Name: Salt Security
Rating: 4.6 (128 reviews)
Author: Salt Security

Founded 2016·IL·VC-backed

4.6

Combined score

4.665

Gartner

4.635

▪ Editorial verdict

Salt Security has built the strongest runtime API threat detection in the market by taking a fundamentally different approach to the problem: instead of matching known attack signatures, the platform establishes a behavioural baseline for every API and detects deviations that indicate abuse. The CRN naming Salt the only API security vendor on the 2025 Security 100 List and the Globee Gold Award for API Security reflect independent validation of a product that genuinely delivers on its runtime protection promise.

The learning curve for alert tuning after initial deployment is consistently noted by reviewers, and the focus on runtime means pre-production security testing requires a separate tool or vendor.

The verdict: Salt Security is right for enterprises with large API estates needing comprehensive discovery, posture management, and runtime attack detection. Organisations wanting developer-first shift-left API testing should evaluate 42Crunch or Akamai API Security alongside Salt.

Last reviewed: May 2026

4.665 reviews

Gartner

4.635 reviews

PeerSpot

8.428 reviews

Gartner MQ: Representative Vendor (Gartner API Protection 2024)

API Security assessment

PROTECTIONStrong

API discovery & inventory

5 / 5

Attack detection

5 / 5

OPERATIONSStrong

DevOps integration

4 / 5

Remediation guidance

4 / 5

ANALYTICSStrong

Traffic analytics

5 / 5

TRUST & ECOSYSTEMStrong

Standards & spec coverage

4 / 5

Strongest: API discovery & inventory

Watch out for: Standards & spec coverage

Strengths & limitations

Strengths

●CRN named only API security vendor on 2025 Security 100 List

●AI-powered attack detection with automatic shadow API discovery

●Industry-leading attack pattern recognition across the API estate

Watch out for

●Smaller vendor — less global support footprint

●Learning curve for tuning alert noise after initial deployment

●Premium pricing not always justified for smaller API estates

Best for

Enterprises with large API estates needing comprehensive discovery, posture management, and runtime attack detection.

Not suitable for: Organisations wanting API gateway functionality — Salt Security focuses on security monitoring and protection, not API management or request routing.

Compliance coverage

●SOC 2

●HIPAA

●NIST CSF

●PCI-DSS

●GDPR

●NIS2

●ISO 27001

○Essential Eight

○AU Privacy Act

○CMMC

○DORA

○CIS Benchmarks

Switching intelligence

Switching from

Common migration paths based on review data

WAF for API protection
Manual API inventory

Also considering

Vendors typically shortlisted alongside

← Back to API Security Compare with other API Security vendors →

Quick facts

Pricing modelper API/month subscription

Pricing rangeEnterprise custom — contact for quote

Free trialNo

Min seatsNo minimum

Deployment time< 1 week

Complexity2 / 5

Pricing transparency2 / 5

AU presenceNo

IRAP assessedNo

Open sourceProprietary

Deployment

ModelsSaaS

OS supportCloud-native (agentless)

CloudAWS, Azure, GCP

SupportEmail, Dedicated CSM, Slack

Data residencyUS, EU

Company

Salt Security

Founded 2016 · 200-400 employees · VC-backed

HQ: IL

$50M+ ARR est.

Certifications

SOC 2 Type II, ISO 27001

Integrations

AWS API GatewayAzure APIMKongMuleSoftApigeeSplunkServiceNowJiraPagerDutyCrowdStrike+ 2 more