Why we’re fueling the Noname rocket ship
by Moshe Zilberstein, Partner, Next47
In April 2021, it was revealed that hackers had scraped the personal data of 530 million Facebook users, with their phone numbers and other sensitive information published in an open database. Clubhouse reportedly had the data of its 1.3 million users leaked the same month, and all of Parler posts were scraped in January 2021. These, as well as other leaks, such as the one involving Ledger, all resulted from one and the same vulnerability: exposed APIs.
An API, or an Application Programming Interface, is essentially what enables apps to talk to each other, exchanging data. APIs work as the basic building blocks for today’s digital world, powering millions of Internet services and business applications. APIs are used for everything, ranging from user authentication, personalized content recommendations, processing payments, and displaying ads. About 85% of apps use >10 APIs, most use at least 25. By the time I finished brushing my teeth this morning, I had already used dozens of APIs.
For enterprises, APIs are a primary method for importing and exporting data. A scalable business cannot take orders using pen and paper, or fax; instead, it typically relies on a multi-channel sales funnel leveraging its website, partner portals, and apps. You guessed right, these are all using proprietary APIs. In essence, APIs are the key to adding, viewing, and removing sensitive business data. Since enterprises want to secure their sensitive data, they want to secure their APIs as well.
While APIs have been around for 20 years, and businesses have been working to protect them, the legacy methods are just not suitable anymore. Why? First, just because of how widely APIs are used these days, especially if you consider that despite their omnipresence, two-thirds of the organizations deploying APIs only started to develop them in the last five years. Second, not all APIs are equally visible to the security team: since different APIs are served from different cloud environments, some may have more monitoring, some less. Adding to this is the proliferation of the microservices architecture that seems to spawn off new APIs constantly, not always with the security teams’ knowledge. All this ultimately means that in most cases, it is impossible to bring all the APIs a company is using together into one cohesive security architecture. Enterprises end up with hundreds of Internet-facing and often business sensitive APIs. And, as we already know, hackers don’t shy away from leveraging these.
Enter Noname Security, a novel solution for end-to-end API security, empowering developers to discover, analyze and remove the vulnerabilities in their API-based apps and services. Today, Noname announced a $60M Series B which Next47 is thrilled to be participating in. In addition to investor enthusiasm, Noname has built a strong customer and partner ecosystem since they emerged from stealth in December 2020. In six months, the company has amassed forty technology, reseller, and channel partners, and hundreds of enterprise customers are either in production or trialing the platform.
Noname tracks and creates a complete inventory of an organization’s APIs and uses AI and machine learning to detect attackers, suspicious behavior, and misconfigurations. It remediates API vulnerabilities by integrating with the existing security infrastructure and blocking attacks in real-time, all without deploying agents or requiring network modifications. Perhaps even more importantly, it gives enterprises a tool that will help their developers write and test secure APIs before deploying them. Testing a product for vulnerabilities before it goes live is known as the “shift left” strategy and is viewed as the best approach for guaranteeing its long-term security.
Yet, the best part of Noname’s appeal is its turnkey design. Unlike traditional API security products, Noname is agentless. Noname integrates seamlessly with cloud and on-premise environments, and other security and IT management tools. It isn’t deployed, but simply connected, providing instant value without the terrible burden of installing agents around every API service. We are excited to be part of their journey and partnering with them to get their product into the hands of more customers around the world.
