We are excited to provide the latest news and features about the Noname Security platform. These features help you protect your APIs from a broader range of attacks, improve your security posture, and simplify your API security operations.
In this blog post, we’ll dive into the latest updates that will redefine how you interact with our product across the four pillars — Runtime Security, Discovery, Posture Management, and Active Testing.
The Noname Platform’s Security page has several powerful new features to help understand attack attempts and triage responses, including Attacker Confidence Score and Attacker IP Reputation.
This feature provides a “confidence” score on whether the attacker is a genuine threat to help you better identify, validate, and categorize specific attackers. To calculate this score, Noname uses a machine learning algorithm that considers all available context, including historical data, behavioral analytics, network traffic patterns, geolocation data, and threat intelligence feeds. This lets you quickly hone in on critical threats and create automatic remediation and notification flows for high-probability attacks.
This new capability correlates an attacker’s IP address with external threat intelligence services to understand the attacker’s IP risk potential whenever suspicious activity is detected. The IP address associated with an attack is ranked as High Risk, Suspicious, Moderate Risk, Low Risk, or Trustworthy. This allows you to make intelligent threat remediation decisions. For example, you can automatically block High Risk IP addresses associated with suspicious activities or send an email notification to your security team when Low Risk IP addresses attributed to an internal source trigger an attack alert.
The Discovery pillar of the Noname Security platform now provides insight into the API behavioral learning status and includes enhancements to the API authentication discovery.
Noname learns about your APIs by continuously examining runtime traffic to your servers, examining your API configurations and specifications, and exploring your infrastructure and APIs. With this update, you can now view the status of the behavioral learning process as the Noname Platform discovers and creates an inventory of APIs in your environment. The learning process percent indicator helps you to understand whether the behavioral baseline has been fully reached. It also highlights the time and criteria needed to complete a specific API’s learning process. This ensures that you are taking action on the finalized data and APIs that are considered mature.
The Noname Platform identifies and baselines the authentication state of the APIs within your environment. Previously, you could automatically discover whether an API endpoint is authenticated by analyzing cookies, headers, and query parameters. With this release, you can extend the authentication discovery to the body of the API request and discover custom HTTP Basic Authentication, API Key Authentication, and OAUTH Authentication schemes even when the authentication information is added to a field or subfield within the API request body. This allows you to customize your API authentication discovery methods to your particular API specifications and uncover non-standard APIs that lack authentication.
The Posture Management pillar now supports Generative AI to simplify API Descriptions and API contextualization using traffic samples.
Describing the APIs in your inventory is essential in building a world-class API security program, but doing so can be manual and time-consuming. The Noname platform now leverages a Large Language Model (LLM) to examine API schemas and generate concise, plain-language API descriptions to help you understand the functionality of a specific API. Since autogenerated API descriptions are based on the observed API activity, they can provide additional insight into the purpose of an API within the context of an application. The API Descriptions using the Generative AI feature is currently in Private Preview.
The Noname platform collects normal (non-suspicious) traffic samples per API to provide context and insights into how the API is used. As a result, security teams can better understand the API requests and responses, optimize data classification, understand authentications, and analyze conformance to security best practices. Unlike solutions using SIEM or Data Lakes, the Noname Platform only collects a small amount of transaction data to contextualize APIs. In doing so, all traffic samples are obfuscated – suspicious or not – and are viewable by administrators and contributors only, simplifying your privacy and compliance initiatives.
The Active Testing pillar now supports compliance framework mapping and redesigned authentication mechanisms to further enhance API testing and ensure that APIs with security vulnerabilities aren’t implemented.
Issues detected by Active Testing are now automatically mapped to security and compliance frameworks to simplify API compliance and audit initiatives. For example, IT organizations can now quickly identify compliance violations with NIST 800-53r5/800-171r2, PCI-DSS 4.0, OWASP ASVS 4.0.3, ISO 27001:2022 and HITRUST CSF v11.1.0 frameworks.
This new feature supports more dynamic forms of authentication techniques and provides better management for secrets associated with the applications – such as assigning multiple secrets for a single authentication, reusing secrets between authentications and environments, and more. This feature streamlines authentication configuration and ensures that Noname Security platform can support widely-used authentication methods.