Berkshire Bank Banks on Salt for API Protection

June 03, 2022

Berkshire Bank Banks on Salt for API Protection

It’s cool to win banks as customers – it’s even more cool when they go public with the news!

We’re proud to share this news, given how essential security is to financial institutions. The combination of working under extensive regulations and the criticality of protecting customers’ sensitive financial data sets the bar for security pretty high.

I especially enjoyed my conversation with Ryan Melle, SVP and CISO at Berkshire Bank. He’s a pragmatist, and he gets things done quickly. As with so many banks, Berkshire Bank is leveraging APIs to build a broader ecosystem with FinTechs and innovate fast. This skyrocketing use of APIs comes with a price.

“We’re seeing an increase in the number of API transactions, but we’re also seeing an increase in API attacks. We have to keep our data secure and our regulators happy, and we can’t get in the way of digital transformation – Salt fits right into that,” said Melle.

Because traditional solutions, such as web application firewalls (WAFs) and API gateways, lack the ability to correlate API activity over time, they can’t adequately protect this expanding attack surface. Bad actors have to probe APIs to understand the business logic and look for vulnerabilities. This reconnaissance means API attacks are  low and slow, and API security solutions must be able to spot this behavior as it occurs and before the bad actors achieve their targets.

Just as WAFs can’t correlate traffic over time, VM- or server-based API security solutions also fall short, lacking the scope of data and real-time analysis needed to build context to spot API attacks. Only cloud-scale big data, with sophisticated ML and AI doing real-time analysis yields the context needed to identify API attacks, which often unfold over days, weeks, and even months.

Berkshire Bank is tapping the Salt Security patented API Context Engine (ACE) architecture to get a full inventory of its APIs, perform API design analysis, ensure data protection by evaluating all traffic leaving the bank, and deliver runtime protection to stop API attacks.

According to Ryan,

“We considered other solutions, but they didn’t provide the range of capabilities we needed – we found the Salt architecture to be unique. The Salt system got stood up in a day, so it’s been simple operationally too.”

With Salt Security, Berkshire Bank can protect its APIs from account takeover (ATO) and ensure the safety of their services. Read more about how Berkshire Bank uses the Salt API security platform in this case study.

We love creating joint customer success stories like this one. How can we help you make your APIs attack proof and accelerate innovation? Feel free to contact us or request a customized demo.


Also in News

Visa delays are impacting startups
Visa delays are impacting startups

June 28, 2022

Australia is a country that has grown and thrived on migration. Migrants grow the population, the economy and the skills base, as well as deepen and broaden the culture. Migrants by their nature are generally pro-active, self-starters with open minds and new ideas. Statistically, they also tend to be younger and better educated than the population at large.
Meet the CEO - Stewart Bartlett
Meet the CEO - Stewart Bartlett

June 15, 2022

From semiconductor design engineer to cofounder of a smart ultrasound company, Stewart Bartlett, Ferronova’s CEO tells us about the challenges and rewards of managing a company that combines medical device and drug development and the dynamics of translating technology from university research into the clinic.
Time to sort the wheat from the chaff
Time to sort the wheat from the chaff

June 13, 2022

This age-old farming expression applies perfectly to today’s market conditions. As markets shift rapidly from “greed” to “fear”, fundamentals (the wheat) get mixed up with a lot irrational fears (the chaff).