Noname Security Expands API Security Platform
Noname Security has updated its platform for securing application programming interfaces (APIs) to make it possible to discover them in seconds and then automatically remediate vulnerabilities when discovered.
In addition, Noname API Security Platform 3.0 added a revamped user interface to make it easier to drill down into, customize and export views along with a set of APIs that makes the security platform programmable within the context of a larger DevSecOps workflow.
Noname Security has also added support for automatic or custom grouping of APIs based on application, business unit, functional capabilities or any other characteristic to optimize efficiency. The latest version of the API security platform is now integrated with a variety of third-party IT service management (ITSM) tools in addition to being able to export data to other security platforms and ingest data faster in Amazon Web Services (AWS) environments.
Finally, the platform now supports role-based access controls, inspects every action via an audit log and enforces custom data loss prevention and other security policies using an integrated engine.
Noname Security CEO Oz Golan said the company is committed to providing a comprehensive platform that spans API posture management, API runtime security and API security testing that is infused with analytics. That’s critical because as the number of APIs being employed across an extended enterprise rapidly increases, it becomes too difficult for IT teams to keep track of every API that has been exposed.
A recent survey conducted by 451 Research on behalf of Noname Security found the number of APIs in use has increased by 201% in a 12-month period. Additionally, 41% of the organizations surveyed experienced an API security incident in the last 12 months, with 63% of those noting that the incident involved a data breach or data loss.
The biggest issue when it comes to API security is, as always, simply determining who is responsible for it. Application security has always required a level of collaboration between IT security teams and application developers that has proven elusive.
In the meantime, there is no shortage of platforms for securing APIs. The issue that many organizations are now wrestling with is crafting a set of DevSecOps best practices that include API security. In theory, responsibility for securing APIs is shifting left toward developers and DevOps teams. In practice, however, the level of security expertise among application development teams remains uneven so most of the responsibility for API security still lies with application security teams.
In the meantime, cybercriminals have become more adept at targeting APIs that can provide them with access to a rich trove of data. The latest generation of APIs, such as GraphQL, come complete with query languages that can be abused.
Regardless of the approach to API security, the need to secure another endpoint—that has expanded the defensible attack surface—has become increasingly apparent. Less clear is how long it will be before major cybersecurity incidents involving APIs make that obvious to all concerned.
