Reading Time: 5 minutes

APIs fuel stunning digital innovation and creative attacks by bad actors looking for unauthorized access to accounts or valuable data. API attacks grew 681% in a 12-month period compared to a 321% increase in overall API traffic. 

MuleSoft and Salt Security are teaming up to provide comprehensive API security needed to protect APIs across build and runtime. At MuleSoft CONNECT 2022, Takeda Pharmaceuticals shared how it has deployed Salt to discover APIs not managed by the MuleSoft platform and to protect all APIs against attacks in runtime. 

latest report
Learn why we are the Leaders in API management and iPaaS

Enabling comprehensive API security 

MuleSoft provides several critical tools to protect your APIs today, including built-in authentication and authorization, protection against common DoS attacks with rate limiting, and a seamless way to govern inline security policies for input validation, sensitive data protection, and other protections.

Despite these capabilities, Takeda Pharmaceuticals and other MuleSoft customers continue to have gaps in their API security coverage, including: 

  • Discovery: MuleSoft can protect the APIs it knows about, but it can’t protect all the unknown or shadow APIs that your developers are building elsewhere. The Salt platform connects into customers’ systems across all application environments and automatically and continually discovers APIs. 
  • Sensitive data discovery: In addition to finding shadow APIs, the Salt platform also identifies where APIs are revealing sensitive data in requests or responses. This information helps you lock down unnecessary exposures. 
  • Runtime protection: API gateways provide powerful inline protection, but on a single transaction, to defeat SQLi or cross-site scripting. Today’s API attacks are far more sophisticated. They unfold over days or weeks, so detecting them requires analysis of traffic over time, with rich context and understanding of API business logic. The Salt platform applies cloud-scale big data with near real-time analysis to detect attackers during their reconnaissance activities before they can reach their objective. Only with this level of rich context can you find, pinpoint, and stop attackers targeting APIs. 
  • Remediation details and shift-left security: The Salt platform supports a variety of pre-production API security testing capabilities and uses runtime learnings to also provide remediation insights you can apply to improve your API security posture. 

Takeda Pharmaceuticals augments the security capabilities in the MuleSoft platform with additional protections from Salt. 

Takeda Pharmaceuticals protects critical Plasma-Derived Therapy app with Salt 

Takeda relies on APIs to fuel a range of patient-based applications, including its highly touted Plasma-Derived Therapies. Patients tap the power of personally tailored drug therapies to combat rare diseases, and these applications include a stunning amount of sensitive data. Takeda relies on Salt Security to protect this data, pinpoint, and stop attackers, and harden their APIs. Salt integrates easily with MuleSoft and into other application environments to provide comprehensive protection.

Conclusion 

MuleSoft customers have the opportunity to leverage the MuleSoft/Salt partnership for richer API security. You can supplement the MuleSoft best-in-class API integration and management capabilities with the Salt best-in-class API security solution to gain full visibility, complete runtime protection, and remediation insights.