Enterprise application programming interface security startup Noname Security today announced significant enhancements to its API security platform to help organizations protect their API ecosystem, secure their applications and increase cyber resilience.
The release delivers new capabilities across Noname’s entire platform, including discovery, posture management, runtime protection, pre-production testing and deployment.
Leading the list are enhancements to Noname Security’s Discovery and Posture Management solutions that help organizations locate and provide insight into every API in their ecosystem. The enhancements assist in uncovering vulnerabilities, including those in the most recent Open Web Application Security Project API Top Ten, protecting sensitive data, and proactively monitoring for changes, including in OpenAPI and other specifications.
New capabilities enable customers to gain complete visibility and detailed insights to protect APIs with customizable discovery, flexible tagging and datatype assignments, according to the company. The data types include personally identifiable information, payment card industry data, protected health information and custom categories.
Organizations can understand APIs in a rich context with visualizations of business logic, physical network infrastructure and API traffic to understand specific interactions and behavior patterns, Noname says. The service can be used to prioritize resources and eliminate blind spots with extensive infrastructure inventories for Amazon Web Services Inc. and Microsoft Azure, enabling organizations to find unprotected APIs, map the connections between APIs and infrastructure resources, pinpoint resources that could increase the attack surface, and resolve potential issues with full context.
On the security side, Noname Security Runtime Protection detects and blocks API attacks with real-time traffic analysis, out-of-band monitoring, inline remediation options and workflow integrations to increase security operations center effectiveness.
New capabilities enable customers to identify business logic-based attacks immediately with updates to the Noname anomaly detection engine using artificial intelligence and machine learning, including unsupervised online learning. Organizations can reduce mean time to resolution with more context on issue records, including detailed remediation guidance and tools for deeper investigation. The capabilities align with security operations center processes through automation, custom workflows and integrations with existing systems such as information technology service management, security information and event management, and security orchestration, automation and response.
For testing, Noname Security Active Testing is a purpose-built API security testing solution that helps organizations add security into the continuous integration and continuous delivery pipeline without sacrificing speed. The new version of Active Testing enables customers to shift left with integrations into the entire software development lifecycle. Teams obtain dynamic API visibility across multiple states and environments throughout the CI/CD process.
No API is left untested through a unique ability to find and test every API based on understanding the application’s business logic, the company added. Developers are empowered with best-in-class usability features, such as simple setup and automation, in-line test results and contextual guidance for request failure mitigation.
“APIs are the connective tissue for the digital world, but the explosion in API use has created new and rapidly growing threats to organizations across the globe,” Shay Levi, Noname’s co-founder and chief technology officer, said ahead of the release. “We created the Noname API Security Platform to uniquely address the modern API ecosystem with discovery, insight, protection and testing capabilities.”
Karl Mattson, chief information security officer at Noname Security, spoke with theCUBE, SiliconANGLE Media Inc.’s livestreaming studio, in July, when he discussed how, as security teams feel the added pressure to deliver in obscure cloud-native environments, capabilities around security need to conform accordingly: