Thank you for Subscribing to CIO Applications Weekly Brief
Thank you for Subscribing to CIO Applications Weekly Brief
However, while the APIs are proliferating to meet the demands of an expedited application development environment, oftentimes, security takes a backseat. By nature, APIs expose application logic and sensitive data such as Personally Identifiable Information (PII) of customers, due to which they have increasingly become a prime target for attackers.
The attackers exploit several vulnerabilities in the API environment, including a forgotten side project of a developer, a software interface that has been put up incorrectly, excessive data exposure, lack of resources, security misconfiguration, to name a few. And the implications of these vulnerabilities can be catastrophic for organizations, which not only dents their reputation but can also result in significant revenue loss.
In recent times, several organizations such as Experion, Bumble, Peloton, and others have been subjected to security breaches due to unwarranted API access, which compromised their sensitive user data. While some of these issues have been documented, most API vulnerabilities go unnoticed for years, providing cyber attackers’ unrestricted access to an organization’s most sensitive data and processes. And thus, they need a partner that can protect their existing as well as future APIs against any vulnerability.
Enter Noname Security.
The CA-based cybersecurity company offers a silver bullet solution for API security. Their next-generation Noname API Security Platform is a one-stop solution that protects organizations’ digital environments against API data leakage, authorization issues, abuse, misuse, and data corruption without using any external agents or network modifications. The platform provides end-to-end security against all the API vulnerabilities, including protecting APIs in real-time from adversaries, scanning the environment for misconfigurations and compliance issues, and becoming part of the software development lifecycle by finding issues during the application development process. “We don’t try to secure a single pipeline of our client’s API; rather, we secure their entire API environment, from A to Z,” states Shay Levi, CTO and Co-Founder at Noname Security.
We don’t try to secure a single pipeline of our client’s API; rather, we secure their entire API environment, from A to Z
Moreover, as business requirements force development teams to push code with vulnerabilities and deploy rogue APIs, Noname API Security Platform also mitigates API vulnerabilities that stem from misconfigurations. As soon as the platform is deployed, it immediately analyzes all the APIs and the users that are communicating with the APIs. The platform remediates all the misconfigurations, automatically updates firewall rules, webhook into their web application firewalls (WAFs) to create new policies against suspicious behavior, and integrates with their existing workflows. “Our clients can get value out of the Noname Platform the minute they connect it,” informs Levi. “Besides, upon clients’ request, the platform can actively block any particular adversary from abusing their system or leveraging the vulnerabilities that they might have in their code.”
Notably, the clients can also utilize the Noname Platform to test their APIs before deploying their applications, ensuring no vulnerabilities are introduced into production.
A Journey toward Excellence The cornerstone of Noname Security was laid out of organizations’ inability to find an appropriate partner that can help them mitigate API security flaws. Both the Co-Founders of the company, Oz Golan and Shay Levi, in their interaction with leading chief information security officers (CISOs), discovered that most of the existing solutions do not offer the necessary security posture for the organizations’ APIs. Thus, both OZ and Shay quickly put together a team of proficient individuals to satiate organizations’ pressing need for API security. In fact, the co-founders developed the Noname API Security Platform before they established the company’s legal identity.
When they were required to fill out the company name on a legal document, Oz and Shay coined the company’s name as ‘Noname’ because they hadn’t come up with one yet.
Since its genesis, Noname Security has left no stones unturned to alleviate clients’ grievance with its customer-first attitude. In addition, it offers complete transparency to its clients when it comes to Noname’s products and services. “We strive to maintain a very open and honest culture, where we do not hide behind our failures, rather we try to tackle all the challenges head-on,” mentions Levi.
With its transformative approach and sheer grit, Noname Security has transformed API security for organizations and has already racked up forty partners and hundreds of customers—either fully implemented or evaluating the platform—in a short timeframe. Levi shares the customer success story with a significant cloud presence that was not aware of their API vulnerabilities. The client was assuming that 99 percent of their APIs are routed through the gateways. However, when they deployed the Noname Platform on their system, they discovered that many of those APIs were legacy APIs that the team didn’t even know still existed. Some of those APIs required no authentication. They even had internal APIs that were open to the internet, which posed a severe security threat to their data. With the help of the Noname Platform, the client immediately bridged the security gap in their environment and secured it from adversaries.
Additionally, Noname helped them eliminate their existing vulnerabilities and protected them against any future threats. “After the client implemented the Noname platform, they have come a long way in terms of API security compared to where they were before implementing our Platform. They are now extremely confident that their environment behaves as it should, they have security controls in place, they don’t have any rogue APIs risking their environment, everything is routed the way it should. And, even if someone would try to attack them, our platform would catch them in real-time,” extols Levi.
Several such stories have helped Noname Security carve a niche for itself as the go-to API security provider. The company is now working on adding more functionality to its already robust platform to quench current as well as any future API security needs of organizations. Also, with a plethora of contextual data regarding API traffic, Noname Security is working on API gateway configuration across different environments to bridge any gaps in API security. “API security breaches are going to be a major thorn for organizations in the coming years, and the Noname API Security Platform is the perfect ally for our clients in their digital transformation journey,” concludes Levi.