As seen on VentureBeat.
Neosec, a cybersecurity platform designed to secure APIs, today emerged from stealth with $20.7 million in series A funding from True Ventures, New Era Capital Partners, TLV, SixThirty, and several angel investors. According to CEO Giora Engel, the proceeds will be put toward product development and growing Neosec’s business in the U.S., Europe, the Middle East, and Asia.
Researchers are sounding the alarm on threats to enterprise security arising from insecure APIs. Last November, Forrester warned that organizations that fail to address API vulnerabilities could face significant data breaches. And in March, Salt Security released a report on API security showing that 91% of organizations suffered an API-related problem last year, with more than half (54%) reporting finding exploits in their service APIs.
Neosec claims to take a fundamentally different approach to app and API security without requiring the use of signatures, predetermined exploits, or on-premises deployment. The platform automatically finds all APIs involved with an organization and maintains a complete inventory, generating missing documentation for previously unknown APIs. Neosec also audits the risk posture of individual APIs and identifies those transferring sensitive data, revealing any discrepancies between existing API documentation and the parameters of the API. By automatically learning the baseline behavior of every API, Neosec can flag vulnerable or misconfigured APIs in need of fixing, according to Engel.
“Neosec was started by Ziv Sivan and I [in February 2020]. We previously founded LightCyber, which was acquired by Palo Alto Networks in 2017 and became the basis for extended detection and response. As a security researcher, extending back to my work with the Israel Defense Force and later with LightCyber and Palo Alto Networks, I pioneered the use of behavioral analytics for detection and response,” Engel told VentureBeat via email. “Networks are rapidly changing from traditional datacenter, on-premises models to ones that are fully cloud-based, connected, and governed by APIs that expose core business logic externally. After leaving Palo Alto Networks, I knew that APIs were the next frontier for security vulnerabilities that could make previous attacks look small.”