Noname Security, a cybersecurity platform that allows enterprises to manage APIs, today closed a $60 million series B funding round led by Insight Partners, with Next47, Forgepoint, TSG, Cyberstarts, and Lightspeed Venture Partners participating. It brings the companyâ€™s total raised to $85 million and will be used to scale Nonameâ€™s go-to-market and customer success efforts as well as its product and R&D teams.
APIs, the connectors that clouds and apps use to communicate with each other, will become the cyberattackerâ€™s target of choice, according to Gartner. The analyst firm predicts that by 2022, API attacks will be the most frequent attack vector across the enterprise. API vulnerabilities can take many forms, from a developerâ€™s forgotten side project to a software interface improperly configured. While some of these flaws are documented, the vast majority go unnoticed, giving anyone who can find them access to an organizationâ€™s operations.
Nonameâ€™s platform seeks to address this by automatically discovering, remediating, and testing various APIs. It analyzes API call flows, detecting problems and anomalous behaviors even in the absence of an outside threat, like an API marked â€œinternalâ€ thatâ€™s exposed to the open web. Noname also identifies potential issues during development and testing, so that vulnerabilities donâ€™t go live. And it blocks attacks in real time and integrates with workflows to resolve vulnerabilities and erroneous setups.
â€œI cofounded Noname in 2020 with our CTO, Shay Levi. We served together in Unit 8200 of the Israeli Defense Forces, which is sometimes referred to as the â€˜startup factory,’â€ Noname CEO Oz Golan told VentureBeat via email. â€œWhen we first started the company, for almost a year, we met chief information security officers from some of the largest companies in the world to learn about their biggest challenges, and API security was the number one issue â€¦ We saw an opportunity to create a single platform to address all security vulnerabilities for all APIs.â€
APIs continue to be an important tool for software developers and companies in general. Enterprises of all sizes from a wide range of industries continue to rely on APIs, and most plan to expand their API usage in the upcoming year. In fact, almost 67% expected to use APIs more in 2020 compared to 2019, according to a recent RapidAPI survey.
â€œ[Thereâ€™s been a] massive upward trend in API usage as companies continue to invest in making services and assets available through digital transformation initiatives,â€ RapidAPI CEO Iddo Gino said in a statement. â€œAs the survey data suggests, this trend is present across all industries and API usage increases as a companyâ€™s software development team begins to expand.â€
Noname trains a machine learning model for each API based on its real-time usage, leveraging unsupervised learning techniques. Where labeled datasets donâ€™t exist, unsupervised models help to fill in the gaps in domain knowledge by teaching themselves to classify the data. Noname uses these models to create an inventory of active APIs and perform an analysis of the traffic passing through them, noting what comes in and out. Through this, the platform can identify APIs that might be passing sensitive information, like credit card and Social Security numbers.
â€œNoname Security doesnâ€™t just protect the APIs, it protects the companyâ€™s data,â€ Gola said. â€œFor example, an unprotected Experian API returned a credit score based simply on someoneâ€™s name and address. This is why enterprises need Noname.â€
In the over $1.2 billion API management market, 70-employee, Palo Alto, California-based Nonameâ€™s competitors include Salt Security and Traceable,Â among others. But Noname claims to have â€œhundredsâ€ of enterprise customers either piloting its software or in full production.
â€œThe perception in the market is that we compete with API gateways, like MuleSoft or Apigee, or web application firewalls, like Palo Alto Networks or F5 Networks. But in reality, those are our partners. We integrate with their products and enhance their API security posture,â€ Golan explained. â€œ[The pandemic] helped us gain traction and sell to Fortune 500 companies as enterprise perimeters changed and API security became a top concern. Increasingly, cybersecurity is API security, yet most enterprises have no idea what APIs theyâ€™ve exposed, much less what those APIs are doing â€¦ In a post-pandemic world, modern enterprises demand broader and more flexible API security solutions.â€
Previously, Noname closed a $25 million series A round in December 2020 with contributions from Lightspeed, Insight, and Cyberstarts.