Press Release

Neosec Achieves SOC 2 Type II Compliance Leveraging its Own Security Platform for Application API Level Controls

Neosec Team
Written By Neosec Team
2 minute read

Neosec’s SaaS platform meets the highest security and privacy standards
to deliver protection from fraud and abuse within business APIs

 

21972-312_SOC_NonCPA

 

PALO ALTO, Calif., May. 17, 2022 -- Neosec today announced that it has successfully completed the System and Organization Controls (SOC 2) Type II audit of its fully cloud-based solution that discovers and protects APIs using behavioral analytics. During the audit, Neosec included use of its own platform to meet the application monitoring controls requirement.  Neosec is the only API security vendor that is SaaS native, which is critical to provide full coverage of all applications in use by a customer and assess the corresponding API interactions. At the same time, Neosec maintains complete privacy for its customers with its privacy by design architecture, featuring tokenization. Recently, Neosec was named a 2022 Gartner Cool Vendor in Application Security: Protection of Cloud-Native Application and was selected as a finalist in the RSA Innovation Sandbox to take place June 6 at the RSA conference in San Francisco. 

Companies are increasingly pursuing digital business initiatives to boost corporate efficiency and effectiveness by connecting their core business systems with those of customers, partners and other third parties through the use of APIs. While these connections are becoming a business imperative, they expose core business processes enabling an entirely new level of fraud and abuse by cybercriminals or third parties. The Neosec solution automatically discovers any API, determines those that are business critical and of high risk, monitors traffic within them and applies machine learning and behavioral analytics to find fraud or misuse. The platform also uniquely offers a threat hunting capability for proactive protection.

“Digital business connections through APIs expose what was previously tightly guarded inside companies, putting financial resources, inventory, order fulfillment, procurement and other assets with high monetary value at significant risk,” said Ziv Sivan, co-founder and chief technology officer, Neosec. “Neosec reinvents API security as a fully cloud-based solution to meet these new challenges, and achieving SOC 2 compliance underscores our privacy by design architecture and commitment to customer confidentiality and trust.”

Internal controls at Neosec are built on the best industry practices and aligned with SOC 2 criteria and requirements. This enables Neosec to have the proper governance, controls, procedures and safeguards in place to protect customer data from cyberattacks or third-party insider misuse. The SOC 2 audit report offers Neosec customers and partners peace of mind, as it is a stamp of approval that the company is compliant with best practices in data protection and has all the appropriate safeguards and procedures in place to control who can access sensitive data. In addition, customers may specify any API field for tokenization, effectively anonymizing sensitive or private data from Neosec personnel, protecting confidentiality and keeping it independent from any other customer.

“It is imperative that in addition to auditing infrastructure level assets, vulnerabilities and monitoring, businesses must have a control in place for application-level API asset discovery, API vulnerabilities and API behavioral monitoring” said Ziv Sivan. “The Neosec platform was one of the controls we implemented to monitor our own applications and APIs.”

Defined by the American Institute of Certified Public Accountants (AICPA), SOC 2 defines criteria for service providers to securely manage data and protect the interests and privacy of their customers. SOC 2 Type II certification offers proof that controls have been implemented properly over several months. All incidents and significant changes have to be documented in the report, resulting in a more complete picture of how an organization deals with security over time.

About Neosec
Neosec is re-inventing application security with a powerful platform that unifies security and development teams to protect modern applications from threats. The foundation of the SaaS platform is built on data and analytics to manage security at scale. Neosec prevents threats from abusing the complex network of APIs that connect today's businesses. The platform helps organizations discover every API and audit risk. Neosec has pioneered the use of behavioral analytics to understand normal versus abnormal API usage and delivers powerful threat hunting capabilities. Neosec prevents threats and stops abuse hiding within APIs and brings new intelligence to application security. Neosec is based in Palo Alto, California with R&D in Tel Aviv, Israel. To learn more, visit neosec.com.

Subscribe to our newsletter

Click here to subscribe