API Security , Video

Salt CEO on the Security Risks Around Agile API Development

Roey Eliyahu on Why Traditional Cyber Measures Can't Address Rapidly Changing APIs
Roey Eliyahu, co-founder and CEO, Salt Security (Image: Salt Security)

The rapid pace of API development has created significant risk for companies given the amount of data that's being exposed, said Salt Security CEO Roey Eliyahu.

See Also: August Spotlight | Automated Threat Intelligence Correlation

The security industry hasn't adapted quickly to address these problems since it's still used to relatively static APIs that were easy to guard and only updated once or twice a year, according to Eliyahu. But Agile development means APIs can now change once every two weeks, which has created major issues around discovering what to protect and ensuring that attacks against APIs don't fly under the radar (see: API Security: The New Imperative).

"If you think about security testing for APIs or assessment or security code reviews, they are not really scalable or not linear," Eliyahu said. "It depends on your security team size. Security teams did not grow as much as APIs grew. If you go from three APIs to thousands or tens of thousands of APIs, obviously, you don't have a thousand more people in your security org."

In this video interview with Information Security Media Group, Eliyahu also discussed:

  • How generative AI and LLMs have affected the API security landscape;
  • How API security benefits from starting with production environments;
  • Why Salt is best suited for large enterprises and midmarket companies.

Eliyahu is a veteran of the elite cybersecurity unit, where he led development of high-end security systems to protect the largest network in Israel of the Israel Defense Forces and the government. He also led development of security system projects at Cigol Digital Systems, a military-grade security systems company, and founded the cybersecurity college that trains the next generation of leaders and prepares them for serving in the IDF’s elite security units.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.