Originally published on Venture Beat.
Noname Security, a cybersecurity platform that allows enterprises to manage APIs, today closed a $60 million series B funding round led by Insight Partners, with Next47, Forgepoint, TSG, Cyberstarts, and Lightspeed Venture Partners participating. It brings the company’s total raised to $85 million and will be used to scale Noname’s go-to-market and customer success efforts as well as its product and R&D teams.
APIs, the connectors that clouds and apps use to communicate with each other, will become the cyberattacker’s target of choice, according to Gartner. The analyst firm predicts that by 2022, API attacks will be the most frequent attack vector across the enterprise. API vulnerabilities can take many forms, from a developer’s forgotten side project to a software interface improperly configured. While some of these flaws are documented, the vast majority go unnoticed, giving anyone who can find them access to an organization’s operations.
Noname’s platform seeks to address this by automatically discovering, remediating, and testing various APIs. It analyzes API call flows, detecting problems and anomalous behaviors even in the absence of an outside threat, like an API marked “internal” that’s exposed to the open web. Noname also identifies potential issues during development and testing, so that vulnerabilities don’t go live. And it blocks attacks in real time and integrates with workflows to resolve vulnerabilities and erroneous setups.
“I cofounded Noname in 2020 with our CTO, Shay Levi. We served together in Unit 8200 of the Israeli Defense Forces, which is sometimes referred to as the ‘startup factory,’” Noname CEO Oz Golan told VentureBeat via email. “When we first started the company, for almost a year, we met chief information security officers from some of the largest companies in the world to learn about their biggest challenges, and API security was the number one issue … We saw an opportunity to create a single platform to address all security vulnerabilities for all APIs.”
APIs continue to be an important tool for software developers and companies in general. Enterprises of all sizes from a wide range of industries continue to rely on APIs, and most plan to expand their API usage in the upcoming year. In fact, almost 67% expected to use APIs more in 2020 compared to 2019, according to a recent RapidAPI survey.
“[There’s been a] massive upward trend in API usage as companies continue to invest in making services and assets available through digital transformation initiatives,” RapidAPI CEO Iddo Gino said in a statement. “As the survey data suggests, this trend is present across all industries and API usage increases as a company’s software development team begins to expand.”
Noname trains a machine learning model for each API based on its real-time usage, leveraging unsupervised learning techniques. Where labeled datasets don’t exist, unsupervised models help to fill in the gaps in domain knowledge by teaching themselves to classify the data. Noname uses these models to create an inventory of active APIs and perform an analysis of the traffic passing through them, noting what comes in and out. Through this, the platform can identify APIs that might be passing sensitive information, like credit card and Social Security numbers.
“Noname Security doesn’t just protect the APIs, it protects the company’s data,” Gola said. “For example, an unprotected Experian API returned a credit score based simply on someone’s name and address. This is why enterprises need Noname.”
In the over $1.2 billion API management market, 70-employee, Palo Alto, California-based Noname’s competitors include Salt Security and Traceable, among others. But Noname claims to have “hundreds” of enterprise customers either piloting its software or in full production.
“The perception in the market is that we compete with API gateways, like MuleSoft or Apigee, or web application firewalls, like Palo Alto Networks or F5 Networks. But in reality, those are our partners. We integrate with their products and enhance their API security posture,” Golan explained. “[The pandemic] helped us gain traction and sell to Fortune 500 companies as enterprise perimeters changed and API security became a top concern. Increasingly, cybersecurity is API security, yet most enterprises have no idea what APIs they’ve exposed, much less what those APIs are doing … In a post-pandemic world, modern enterprises demand broader and more flexible API security solutions.”
Previously, Noname closed a $25 million series A round in December 2020 with contributions from Lightspeed, Insight, and Cyberstarts.