Noname Security gets $135M to ‘proactively’ lock down APIs

Hear from the CIO, CTO and other C-level and senior executives on data and AI strategies at the Future of Work Summit on January 12, 2022. Learn more


API Protection startup Nonem Securities, which today announced a $ 135 million Series C funding round with a post-money valuation of 1 billion, said it has made customer alliances with 20% of companies in the Fortune 500 during its first year on the market. Oz Golan, an anonymous co-founder and CEO, told VentureBeat that the company’s platform brings powerful capabilities to “practically” remedial API vulnerabilities, with the offer of rapid deployment due to its agentless and cloud-native approach.

Using a comprehensive analysis of configurations, traffic and code, the anonymous platform detects and prevents potential exploitation of API vulnerabilities in real-time, according to the company. Nonam says the platform also provides the ability to actively detect and modify misconfigured APIs, protecting consumers from the theft of sensitive data.

Meanwhile, the ease of installation of the platform, compared to products that require agents or proxies, “is part of the reason we managed to scale so quickly,” Goal explained.

Nonam and its API security platform came out of stealth in December 2020. Among the Fortune 500 companies now using the platform are two of the world’s five largest pharmaceutical companies, one of the world’s three largest retailers and one of the world’s three largest telecom companies. The company says.

API Security or API Insecurity?

APIs, or application programming interfaces, have become increasingly essential for enterprises as they seek to become digital businesses. The software serves as an intermediary between different applications, allowing applications and websites to access more data and gain more functionality.

However, cyber attackers have taken notice, and APIs have quickly become a popular target. Some API security vendors reported an increase in API-based attacks during 2021. And by 2022, the vast majority of web-enabled applications – 90% – will have more surface area than man-made attacks in the form of APIs. User interface, according to Gartner research.

“I think the attackers are seeing that the API isn’t too complicated to attack and compromise,” Carl Mattus, chief information security officer at Nonam Security, said in an interview with VentureBeat in November.

‘Leaky’ APIs

The most frequent API-based attacks involve the exploitation of API authentication and authentication policies, he said. In these attacks, hackers undermine the purpose of authentication and authentication of the API to access data.

“Now that you have an unwanted actor accessing a resource, such as sensitive customer data, the organization believes that nothing is messy,” Mets said.

This so-called “leaky API” issue is behind many high-profile breaches related to APIs, he said.

Another issue is that API calls are now being used to start or stop a complex business process – for example, a broadcasting company that initiates a broadcast stream or a power company that turns on or off a home’s electricity using an API call. , Mattson said. That level of reliance on APIs exacerbates security concerns, he said.

Production plans

Golan said that to actively analyze and secure the API, Nonam’s platform makes extensive use of AI-powered automation. For example, using AI, platforms can create a baseline for typical API behavior. And if there is ever a deviation in that behavior, the platform can issue a warning and take action – “completely automatically,” Goal said.

“So it actually helps organizations to protect themselves not only from known problems, but also from the unknown, which is extremely crucial,” he said.

According to Matson, looking forward to 2022, Nonem plans to expand its platform with additional security features to help developers. A new “active test” module will check vulnerabilities before the API’s release, test source code testing and configuration – allowing customers to fix any vulnerabilities before releasing them into the product, he said.

“So where we started as a runtime offering, now that active testing will allow us to move faster in the life cycle,” Mattis said.

Unicorn mode

With the new funding round and valuation, Nonam said it has become the first company to focus on API security to achieve the billion-dollar “Unicorn” valuation.

The Series C Round was led by Georgian and Lightspeed Venture Partners. Other participating investors include Insight Partners, Cyberstarts, Next47, Forgepoint Capital, and The Syndicate Group.

This funding will lead to the expansion of the company’s go-to-market and R&D teams. Nonam currently does 200 jobs.

The company, which recently raised $ 60 million in Series B rounds in June, has raised $ 220 million to date. Nonam was founded by Golan and Chief Technology Officer Shea Levy, both formerly of the 8200 unit of the Israeli Intelligence Corps.

Venturebeat

VentureBeat’s mission is to become a digital town square for technical decision makers to gain knowledge about transformative technology and practices. Our site delivers essential information on data technologies and strategies so you can lead your organizations. We invite you to access, to become a member of our community:

  • Up-to-date information on topics of interest to you
  • Our newsletters
  • Gated idea-leader content and discounted access to our precious events, such as Transform 2021: Learn more
  • Networking features and more

Become a member

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *