Skip to Primary Menu Skip to Utility Menu Skip to Main Content Skip to Footer
Noname Security enters into agreement to be acquired by Akamai
Learn more
Noname Security Logo

API Security Reconnaissance As A Service using Noname Recon

Filip Verloy
Share this article

Avord, a cybersecurity services and solutions organization based in the UK, is working with API security pioneer, Noname Security, to deliver API security reconnaissance as a service.

Noname launched Recon a few months ago to simulate the reconnaissance phase of an API-based cyber attack. Typically reconnaissance techniques involve adversaries gathering information that can be used to target and access a potential victims environment. Such information may include details of the victim(s) organization, infrastructure, or personnel. The adversary can leverage this information to help in other phases of the adversary lifecycle, such as leading further reconnaissance efforts, gaining access to restricted data, or to scope and prioritize post-compromise objectives.

Reconnaissance is classified as phase one in the MITRE ATT&CK® framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. Noname Recon focuses specifically on your external API attack surface, and eliminates blind spots in your API attack surface by discovering the attack paths available to hackers.

Avord will deliver the Noname Recon solution as a service, combined with their deep cybersecurity expertise, to greatly reduce time to value for our joint customers. This combination will require very little customer effort, as the delivery is highly automated and requires just a few pieces of customer input to get started. 

Now you can automatically scan your external attack surface to find vulnerabilities before attackers do. You can also locate shadow domains and subdomains previously unknown, unmanaged, or forgotten. This allows you to secure your customer data, PII, internal documentation, intellectual property, and more with automated protection against evolving threats.

Through custom policies and workflows, the service can also categorize vulnerabilities by severity to align with your organization’s risk tolerance, compliance standards, and desired security posture. Furthermore, this feature empowers you to automate policy enforcement and quickly remediate issues, avoiding expensive regulatory fines or reputational damage.

With full lifecycle visibility, you can now view issues in the context of other vulnerabilities discovered in Noname’s Posture Management or Runtime Protection modules. The system provides guidance on the potential impact of the issue, which issues to remediate first, as well as the recommended remediation tactics for known issues.

Last but certainly not least, the service is a perfect augmentation to manual pentesting which is typically run infrequently as a manual process. It can be automated to run continuously and bridge the gap between these manual pentests, providing a more proactive defense against arguably the biggest new attack vector, APIs. 

Believe us, while pentesting and bug-bounty programs are still valid approaches to assessing your external attack surface, automating this process decreases the time between validations and keeps you from making costly mistakes with manual processes.

How to get started? Learn more about Noname Recon by requesting a demo.

Filip Verloy

Filip Verloy serves as the Field CTO for the EMEA region at Noname Security. In his role, Filip engages and advises customers, partners and the security industry at large, sharing his experience, insights, and strategies on API security. Prior to joining Noname Security, Verloy was the Field CTO for EMEA at Rubrik, a data security start-up. He has also previously served at various IT vendors including Citrix, Dell, Riverbed, and VMware

All Filip Verloy posts