Hear from CIOs, CTOs, and different C-level and senior execs on knowledge and AI methods on the Way forward for Work Summit this January 12, 2022. Learn more
API safety startup Noname Security, which immediately disclosed a $135 million sequence C funding spherical at a post-money valuation of $1 billion, mentioned it has landed buyer engagements with 20% of the businesses within the Fortune 500 throughout its first yr available in the market. The corporate’s platform brings highly effective capabilities for “proactively” remediating API vulnerabilities, together with providing speedy deployment because of its agentless and cloud-native method, Noname cofounder and CEO Oz Golan informed VentureBeat.
Utilizing a broad evaluation of configurations, visitors, and code, the Noname platform detects and prevents potential exploits of API vulnerabilities in real-time, in accordance with the corporate. The platform additionally affords the power to find and remediate misconfigured APIs on a proactive foundation, defending prospects towards the theft of delicate knowledge, Noname says.
In the meantime, the platform’s ease of set up, in comparison with merchandise that require brokers or proxies, is “a part of the explanation why we’ve managed to scale up this quick,” Golan defined.
Noname and its API safety platform launched out of stealth in December 2020. Among the many Fortune 500 firms now utilizing the platform are two of the world’s 5 largest pharmaceutical companies, one of many world’s three largest retailers, and one of many world’s three largest telecoms, the corporate says.
API safety or API insecurity?
APIs, or software programming interfaces, have grow to be more and more important for enterprises as they search to grow to be digital companies. The software program serves as an middleman between totally different purposes, permitting apps and web sites to entry extra knowledge and acquire larger performance.
Nevertheless, cyberattackers have taken discover, and APIs have rapidly changed into a preferred goal. A number of API safety distributors have reported a surge in API-based assaults throughout 2021. And by 2022, the overwhelming majority of web-enabled apps — 90% — may have extra floor space uncovered for an assault within the type of APIs than by way of the human person interface, in accordance with Gartner analysis.
“I feel attackers are seeing that APIs should not overly sophisticated to assault and to compromise,” mentioned Karl Mattson, chief info safety officer at Noname Safety, in an interview with VentureBeat in November.
Essentially the most frequent API-based assaults contain exploitation of an API’s authentication and authorization insurance policies, he mentioned. In these assaults, the hacker breaks the authentication and the authorization intent of the API with a view to entry knowledge.
“Now you could have an unintended actor accessing a useful resource, akin to delicate buyer knowledge, with the group believing that nothing was awry,” Mattson mentioned.
This so-called “leaky API” situation has been behind most of the highest-profile breaches associated to APIs, he mentioned.
One other situation is that API calls are actually getting used to start out or cease a important enterprise course of — for example, a broadcasting firm that initiates a broadcast stream or an influence firm that turns a house’s electrical energy on or off utilizing an API name, Mattson mentioned. That degree of dependence on APIs raises the safety stakes even additional, he mentioned.
To proactively analyze and safe APIs, Noname’s platform closely makes use of AI-driven automation, Golan mentioned. For example, by utilizing AI, the platform can create a baseline for the standard conduct of an API. And if there’s ever a deviation in that conduct, the platform can alert and take motion — “fully robotically,” Golan mentioned.
“So it’s truly serving to organizations to guard themselves not solely from the identified points, but additionally from the unknown, which is tremendous essential,” he mentioned.
Waiting for 2022, Noname plans to boost its platform with extra safety features to help builders, in accordance with Mattson. A brand new “energetic testing” module will carry out vulnerability checks, supply code testing, and configuration checks previous to an API’s launch—permitting prospects to repair any vulnerabilities previous to launch into manufacturing, he mentioned.
“So the place we began as a runtime providing, now that energetic testing will enable us to go earlier within the lifecycle,” Mattson mentioned.
With the brand new funding spherical and valuation, Noname mentioned it has grow to be the primary firm targeted on API safety to realize a billion-dollar “unicorn” valuation.
The sequence C spherical was led by Georgian and Lightspeed Enterprise Companions. Different collaborating buyers included Perception Companions, Cyberstarts, Next47, Forgepoint Capital, and The Syndicate Group.
The funding will go towards increasing the corporate’s go-to-market and R&D groups. Noname at present employs 200.
The corporate, which had most lately raised a $60 million sequence B spherical in June, has now raised $220 million in funding to this point. Noname was based by Golan and chief know-how officer Shay Levi, each previously of Unit 8200 of the Israeli Intelligence Corps.
VentureBeat’s mission is to be a digital city sq. for technical decision-makers to realize data about transformative know-how and transact.
Our web site delivers important info on knowledge applied sciences and techniques to information you as you lead your organizations. We invite you to grow to be a member of our neighborhood, to entry:
- up-to-date info on the themes of curiosity to you
- our newsletters
- gated thought-leader content material and discounted entry to our prized occasions, akin to Transform 2021: Learn More
- networking options, and extra