Noname Security has announced enhancements to its API security platform to help organisations protect their API ecosystem, secure their applications, and increase cyber resilience.
Noname enables secure growth with API security innovation
Today, APIs drive businesses, delivering value to customers, clients, patients, users, shareholders, and more. However, securing APIs – and all of the critical assets they connect – has become more difficult than ever as APIs attacks have increased exponentially. IBM Security X-Force reported that two-thirds of its analysed incidents were due to unsecure APIs.
“APIs are the connective tissue for the digital world, but the explosion in API use has created new and rapidly growing threats to organisations across the globe. We created the Noname API Security Platform to uniquely address the modern API ecosystem, with discovery, insight, protection, and testing capabilities,” says Shay Levi, co-founder and CTO at Noname Security. “Doing so means not only securing APIs and their use, but also improving the speed at which our customers can expand their businesses.”
Discover more and strengthen security posture
Noname Security’s discovery and posture management solutions locate and provide insight to every API in an organisation’s ecosystem, uncovering vulnerabilities (including the most recent OWASP API Top Ten), protecting sensitive data, and proactively monitoring for changes, including in OpenAPI and other specifications. New capabilities enable customers to:
• Gain complete visibility and detailed insights to protect APIs with customisable discovery, flexible tagging, and datatype assignments – including PII, PCI, PHI, and custom categories – for grouping APIs by application, business unit, and more.
• Understand APIs in rich context with visualisations of business logic, physical network infrastructure, and API traffic to understand specific interactions and behaviour patterns.
• Secure containerised applications with enhanced discovery and detection for Kubernetes (k8s).
• Prioritise resources and eliminate blind spots with extensive infrastructure inventories for AWS and Azure, enabling organisations to find unprotected APIs, map the connections between APIs and infrastructure resources, pinpoint resources that could increase the attack surface, and resolve potential issues with full context.
Stop attacks with runtime protection
Noname Security Runtime Protection detects and blocks API attacks with real-time traffic analysis, out-of-band monitoring, inline remediation options, and workflow integrations to increase SOC effectiveness. New capabilities enable customers to:
• Identify business-logic-based attacks immediately with updates to the industry’s most advanced anomaly detection engine using artificial intelligence and machine learning (AI/ML), including unsupervised online learning.
• Reduce Mean-Time-To-Resolution (MTTR) with more context on issue records, including detailed remediation guidance and tools for deeper investigation.
• Fully align with security operations centre (SOC) processes with automation, custom workflows, and integrations with existing systems such as ITSM, SIEM, SOAR, and more.
Deliver secure APIs faster with active testing
Noname Security Active Testing is a purpose-built API security testing solution that helps organisations add security into the CI/CD pipeline without sacrificing speed. The newest version of active testing enables customers to:
• Shift left with integrations into the entire software development lifecycle (SDLC). Teams get dynamic API visibility across multiple states and environments throughout the CI/CD process.
• Leave no API untested with a unique ability to find and test every API based on an understanding of the application’s business logic.
• Empower developers with best-in-class usability such as simple set up and automation, in-line test results, and contextual guidance for request failure mitigation.
Continuously adapt to changing environments
Noname Security offers the most flexible and comprehensive set of deployment and integration options available. New capabilities enable customers to:
• Rapidly realise value with simplified step-by-step onboarding and in-app guidance.
• Meet any deployment requirement with both agentless and agent-based options, including eBPF, and both out-of-band and inline protection options.
• Easily manage complex deployments with automatic updates across cloud-hosted, self-hosted, hybrid, and distributed deployments.
• Maintain data residency and reduce overhead with remote engines to aggregate traffic into a centralised console, allowing you to keep data within your control and reducing traffic.
• Meet strict public-sector compliance requirements with a new hardened virtual appliance.
• See the entire attack surface with additional integrations and improvements to Akamai, AWS ECS, Cloudflare, Oracle Cloud Infrastructure, Citrix, and other connectors.
