Noname Security gets $135M to ‘proactively’ lock down APIs

API security startup Noname Security, which currently disclosed a $135 million series C funding round at a put up-cash valuation of $1 billion, acknowledged it has landed buyer engagements with 20% of the firms within the Fortune 500 sooner or later of its first Three hundred and sixty five days available within the market. The company’s platform brings important capabilities for “proactively” remediating API vulnerabilities, alongside with providing lickety-split deployment thanks to its agentless and cloud-native methodology, Noname cofounder and CEO OzGolan suggested VentureBeat.

The employ of a gigantic diagnosis of configurations, traffic, and code, the Noname platform detects and prevents doable exploits of API vulnerabilities in exact-time, in conserving with the company. The platform also offers the capacity to stare and remediate misconfigured APIs on a proactive basis, conserving potentialities towards the theft of sensitive recordsdata, Noname says.

In the meantime, the platform’s ease of set up, in contrast to products that require agents or proxies, is “segment of the rationale we’ve managed to scale up this lickety-split,” Golan acknowledged in an interview.

Noname and its API security platform launched out of stealth in December 2020. Among the many Fortune 500 firms now using the platform are two of the realm’s 5 ideal pharmaceutical firms, one of many realm’s three ideal stores, and one of many realm’s three ideal telecoms, the company says.

API insecurity

APIs, or utility programming interfaces, enjoy change into increasingly a truly important for enterprises as they stare to change into digital businesses. The tool serves as an middleman between diversified applications, allowing apps and websites to procure admission to extra recordsdata and attain better functionality.

However, cyber attackers enjoy taken look for, and APIs enjoy rapidly became exact into a accepted aim. A couple of API security distributors enjoy reported a surge in API-basically based mostly assaults sooner or later of 2021. And by 2022, the overwhelming majority of web-enabled apps — 90% — would possibly per chance well well enjoy extra surface condo uncovered for attack within the originate of APIs than during the human person interface, in conserving with Gartner analysis.

“I enjoy attackers are seeing that APIs are no longer overly no longer easy to attack and to compromise,” acknowledged Karl Mattson, chief records security officer at Noname Security, in an interview with VentureBeat in November.

‘Leaky’ APIs

The most frequent API-basically based mostly assaults own exploitation of an API’s authentication and authorization policies, he acknowledged. In these assaults, the hacker breaks the authentication and the authorization intent of the API in tell to procure admission to recordsdata.

“Now you enjoy gotten an unintended actor accessing a useful resource, equivalent to sensitive buyer recordsdata, with the organization believing that nothing changed into awry,” Mattson acknowledged.

This so-called “leaky API” notify of affairs has been within the motivate of quite so much of the ideal-profile breaches connected to APIs, he acknowledged.

Any other notify of affairs is that API calls are in actuality being at probability of birth or stop a major commerce route of — let’s converse, a broadcasting company that initiates a broadcast stream or a energy company that turns a condo’s electrical energy on or off using an API call, Mattson acknowledged. That level of dependence on APIs raises the safety stakes even additional, he acknowledged.

Product plans

To proactively analyze and salvage APIs, Noname’s platform heavily makes employ of AI-driven automation, Golan acknowledged. For instance, by utilizing AI, the platform can produce a baseline for the typical behavior of an API. And if there’s ever a deviation in that behavior, the platform can alert and consume action—”fully automatically,” Golan acknowledged.

“So it’s in actuality serving to organizations to give protection to themselves no longer handiest from the identified complications, but in addition from the unknown, which is mountainous a truly important,” he acknowledged.

Taking a see ahead to 2022, Noname plans to present a enhance to its platform with additional security capabilities to motivate builders, in conserving with Mattson. A recent “active finding out” module will kind vulnerability tests, provide code finding out, and configuration tests earlier than an API’s release—allowing potentialities to repair any vulnerabilities earlier than release into manufacturing, he acknowledged.

“So the build we started as a runtime providing, now that active finding out will enable us to head earlier within the lifecycle,” Mattson acknowledged.

Unicorn status

With the recent funding round and valuation, Noname acknowledged it has change into the key company centered on API security to carry out a billion-dollar “unicorn” valuation.

The series C round changed into led by Georgian and Lightspeed Endeavor Partners. Other taking piece patrons included Insight Partners, Cyberstarts, Next47, Forgepoint Capital, and The Syndicate Group.

The funding will journey toward expanding the company’s journey-to-market and R&D groups. Noname within the imply time employs 200.

The company, which had most no longer too long ago raised a $60 million series B round in June, has now raised $220 million in funding up to now. Noname changed into founded by Golan and chief technology officer Shay Levi, each formerly of Unit 8200 of the Israeli Intelligence Corps.