As seen on DarkReading.
Neosec, a startup aiming to better secure APIs, today emerged from stealth with $20.7 million in Series A funding from True Ventures, New Era Capital Partners, TLV, and SixThirty.
APIs have become a hot target for attackers, especially as organizations rapidly shifted to accommodate remote work. Reports indicate API abuses will be the most common vector used in data breaches within enterprise Web applications: Nearly all (91% of) organizations surveyed by Salt Security had an API-related issue last year, and 54% reported finding flaws in their APIs.
In the past, APIs were typically used on secure private networks and channels. Now they are core to enterprise efforts as organizations rely on APIs to make their internal applications, systems, and services accessible to their customers, partners, and other third parties. And as APIs become a greater focus for businesses, they become a greater focus for attackers as well.
"APIs are not new, but … API security is really in its infancy," says Neosec co-founder and CEO Giora Engel. He built the startup with CTO Ziv Sivan; the duo had previously created behavioral analytics company LightCyber, which was sold to Palo Alto Networks in 2017 for $105 million.
Today's application security tools often focus on securing the perimeter with signature-based tech. Neosec's approach carries over techniques that extended detection and response (XDR) tools used to detect threats and applies them to recognize malicious behavior within APIs.
For most organizations, the problem starts with a lack of API inventory. Application security is mostly focused on setting up processes with developers, but that alone is not enough. Both internal APIs and those exposed to the outside are not accounted for, which puts them at risk.