theDocumentId => 1341447 Noname Security Lands $60M Series B

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

6/30/2021
05:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Noname Security Lands $60M Series B

PALO ALTO, Calif., June 30, 2021 (GLOBE NEWSWIRE) -- Hard on the heels of its emergence from stealth, enterprise API security company Noname Security announced a $60M Series B today led by Insight Partners, with Next47, Forgepoint, and The Syndicate Group (TSG) joining the round and existing investors Cyberstarts and Lightspeed Venture Partners participating as well. The round brings Noname’s total funding to $85M since emerging from stealth in December 2020.

The latest funding comes amid fast growth for the Silicon Valley-based startup. In the six months since launch, Noname has amassed forty technology, reseller, and channel partners and hundreds of enterprise customers either in production or evaluating the platform.

The demand is urgent as APIs — the connectors that clouds and software applications use to communicate with one another — have become the cyberattacker’s target of choice, according to analyst firm Gartner.

“The surging volume of APIs and the growing complexity of modern applications has led to an increase in cybersecurity obstacles,” said Thomas Krane, Principal at Insight Partners. “Noname came to market at just the right time with a fully realized, next-gen technology that’s making a big impact with global customers.”

API vulnerabilities can take many forms. A developer’s forgotten side-project. A software interface improperly set up. An obsolete block of code that was never removed.

Some of these security flaws are documented. Most are not. The great majority go unnoticed—often for years—giving anyone who can find them unfettered access to an organization’s most sensitive operations.

And all too often, attackers find them first.

“When we show potential customers all the vulnerabilities Noname has discovered in their APIs, it’s a real light-bulb moment for them,” said Oz Golan, CEO and co-founder of Noname Security. “Even seasoned security professionals often have no idea how exposed their systems are.”

The Noname API Security Platform covers every aspect of API security, from discovery to analysis to remediation and testing. It creates a complete inventory of an organization’s APIs and uses AI and machine learning to detect attackers, suspicious behavior, and misconfigurations. It remediates API vulnerabilities by integrating with existing security infrastructure and blocking attacks in real-time, all without deploying agents or requiring network modifications. Customers can also use Noname to test APIs before deployment, preventing vulnerabilities from ever going into production.

Noname’s approach has won widespread praise — and rapid customer adoption.

“There’s a lot more to API security than just protecting against external attacks,” Golan said. “Noname is the only solution that addresses the full range of API vulnerabilities, including protecting APIs in real-time from adversaries, scanning the environment for misconfigurations and compliance issues, and becoming part of the software development lifecycle by finding issues during the development process. Noname monitors the relationships and flows of information between all internal and external APIs. By discovering and analyzing everything in real-time, it protects the entire environment throughout the API lifecycle before something goes wrong, whether it’s a threat from the outside or an internal error.”

Another part of Noname’s appeal is its turnkey design. Unlike competing products, Noname doesn’t rely on an army of software agents to monitor applications and processes. Where agents decrease network performance and need to be installed, configured, and updated, Noname integrates seamlessly with clouds, on-premises environments, and other security and IT management tools. It isn’t deployed but simply connected — one of the many qualities that have quickly made Noname a favorite with IT security chiefs.

“APIs are a centerpiece of digital transformation and cloud-centric technology adoption, and API security has risen to the top of the CISO priority list,” said veteran banking CISO Karl Mattson. “Noname’s team and technology are hitting this challenge head-on.”

“It’s no coincidence that since entering general availability, Noname has won every competitive head-to-head evaluation we’ve been involved in,” Golan said. “Based on our traction and the feedback we’ve received from customers, it’s clear we’re serving a real need with a product that surpasses everything else on the market.”

To learn more about Noname visit: www.nonamesecurity.com

About Noname Security

Noname Security creates the most powerful, complete, and easy-to-use API security platform that helps enterprises discover, analyze, remediate, and test all legacy and modern APIs. Fortune 500 companies trust the Noname API Security Platform to protect their environments from API attacks, vulnerabilities, and misconfigurations. Noname is a privately held company headquartered in Palo Alto, California, with an office in Tel Aviv. www.nonamesecurity.com

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...
CVE-2021-25808
PUBLISHED: 2021-07-23
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.