Noname Security is a company that is taking a complete and proactive approach to API Security. Pulse 2.0 interviewed Noname Security co-founder and chief technology officer Shay Levi to learn more about the company.
Shay Levi’s Background
Levi founded Noname Security in 2020 while in his late 20s. And Levi said:
“Before becoming an entrepreneur, I was a Senior Software Engineer at Facebook (Meta), the Chief Technology Officer at Meme (acquired by Somoto) and the R&D Team Leader at ironSource.”
Formation Of Noname Security
How did the idea for Noname Security come together? Levi shared:
“My co-founder, Oz Golan, and I met while serving in Unit 8200, the intelligence and defensive cyber security operations division of the Israel Defense Forces. Together, we noticed that many cybersecurity solutions overlooked programming interfaces (APIs) even as API usage was growing quickly for many organizations. We saw the market opportunity and decided to develop a product that embeds and integrates AI and ML to automate the detection of a broad set of API vulnerabilities and API security attacks.”
“Since exiting stealth in 2020, Noname Security has raised $220 million from some of the world’s most notable cybersecurity investors, including Insight Partners, Cyberstarts, Georgian, and Lightspeed.”
Favorite Memory
What has been Levi’s favorite memory working for Noname so far? Levi reflected:
“A few of my most memorable and proud accomplishments since launching Noname Security include our rapid achievement of attaining product-market fit, the team’s hustle and unwavering determination that led to Noname being recognized as the first API Security unicorn with a $1 billion valuation, and our successful completion of three funding rounds in a single year.”
Core Products
What are the company’s core products and features? Levi explained:
“APIs are everywhere. Any business with a mobile app or modern web apps (SPAs), using the cloud, undergoing digital transformation, integrating with business partners, running microservices, or using Kubernetes all use and operate with APIs.”
“As you can imagine, having so many APIs can be complex and challenging to track over time. Noname works with 25% of the Fortune 500 and covers the entire API security scope — Discovery, Posture Management, Runtime Security, and API Security Testing.”
“Noname Security services major brands, including Aflac, Lion Beverages (Australia), Business Development Bank of Canada, Mitsui Sumitomo Insurance Group, Rapyd Bank, and North American Bancard.”
Evolution Of Noname Security’s Technology
How has Noname’s technology evolved since launching? Levi noted:
“In 2022, Noname Security pioneered the most robust API security testing solution on the market – Active Testing. The automated API security testing enabled teams to create and ship secure code without having to become security experts. By eliminating vulnerabilities early, organizations can focus on delivering the best products and services to their customers.”
“Fast forward one year, and we released the upgrade to this groundbreaking solution. This time, Active Testing v2 was designed to make it simpler to integrate API testing within a larger DevSecOps workflow. There are also more than 160 API security tests to choose from (versus only 100 with the original version), which is a significant upgrade when considering how APIs are now more hidden, embedded in business logic and executing highly complex, cross-domain functions everywhere in the enterprise.”
“By identifying issues earlier in the API lifecycle with Active Testing, more rigorous detection of errors enables testers to improve initial designs and develop alternatives. Ultimately, apps, microservices, and APIs are better protected because the organization can proactively shrink the attack surface.”
“Additionally, in August 2023, we announced that Noname’s API Security Platform fully supports the 2023 OWASP API Security Top 10 risk categories. With this new integration, Noname Security reinforces its position as the API Security leader by natively supporting the 2019 and 2023 frameworks to help customers fight against the ever-evolving threats targeting APIs.”
Significant Milestones
What have been some of the company’s most significant milestones? Levi cited:
“This year, Noname Security introduced the industry’s first comprehensive, hardened virtual appliance, designed to deliver cutting-edge API security to the U.S. Federal Government and highly regulated industries.”
“By addressing the unique security requirements of the public sectors, Noname Security’s Hardened Virtual Appliance offers a secure and offline system for discovering, monitoring, and protecting mission-critical APIs and data. The appliance helps government and federal agencies discover all APIs, data, and metadata, analyze API behavior and detect all API threats, and prevent attacks and remediate API vulnerabilities. The appliance complies with Federal Information Processing Standards (FIPS) and Defense Information Systems Agency (DISA) Secure Technical Implementation Guides (STIGs) and can operate without internet connectivity, making it ideal for controlled environments.”
“In the face of growing cyber threats, this milestone equips government and regulated industries with the tools they need to fortify their API security and safeguard their assets, while maintaining strict compliance with government standards.”
Customer Success Stories
After asking Levi about customer success stories, he highlighted:
“In recent years, the financial services industry has undergone significant transformation as it has been forced to innovate at an accelerated pace as consumers move away from brick-and-mortar experiences in favor of digital interactions.”
“As a leading provider of supplemental insurance in pursuit of maximizing its digital transformation goals, Aflac needed to change from a centralized to a distributed approach to deploying new applications. While beneficial from a resource management perspective, this effort added complexity to an already challenging asset management scenario.”
“In addition, the company was also heavily reliant on its existing API gateways to provide visibility into its API estate. This was also a notable issue for leadership. Despite being components of the API delivery stack, API gateways are not designed to provide the security controls and observability required to adequately protect APIs. APIs implemented outside of a gateway presented even more visibility and security challenges.”
“After evaluating the Noname API Security Platform, Aflac decided it was the most comprehensive solution to protect their APIs – many of which reside in their AWS environment. Noname Security will provide both API discovery and API runtime protection. This means the company will have full visibility into every type of API, including HTTP, RESTful, GraphQL, SOAP, XML-RPC, JSON-RPC, and gRPC.”
“The API discovery module, Noname Posture Management, will also provide insight into the types of data that traverse the company’s APIs. This provides Aflac with visibility into which of their APIs are able to access sensitive data and identify any anomalies in data access.”
Funding/Revenue
After asking Levi about funding and revenue information, he revealed:
“In December 2021, just one year after launching from stealth, Noname Security secured $135 million in Series C, bringing total funds raised to $220 million and valued as the first API Security unicorn. Today, Noname Security is one of the fastest-growing cybersecurity companies ever and has achieved customer and revenue growth by over 400% each quarter.”
Total Addressable Market
What total addressable market (TAM) size is the company pursuing? Levi assessed:
“Because the market is in its early stages, there is no consensus on market size; however, most estimates hover around $1B for 2023, with the market growing at least 30% per year – representing an $8 billion market by 2030.”
Differentiation From The Competition
What differentiates the company from its competition? Levi concluded:
“After partnering with CISOs and security teams, we saw how existing solutions failed to provide the protection customers need from rapidly evolving API threats. To meet the challenge, we built the world’s most advanced API security solution from the ground up.”
“The Noname API Security Platform is the fastest, smartest, most adaptable, and most complete solution available:
— Fastest – Noname delivers rapid results at every stage, from a fast initial setup to lightning-fast issue detection and proactive testing in development.
— Smartest – Noname understands the complex business logic that powers businesses and the sophisticated attack paths that hackers exploit.
— Most Adaptable – Noname’s detection model constantly improves. The Platform can be deployed to any environment (cloud, self-hosted, hybrid) and connects the largest ecosystem of technology partners.
— Most Complete – Noname covers the full lifecycle of APIs, so no API is left untested or unprotected.
Here’s how our competitors compare:·
— Salt Security: Focuses primarily on run-time API security and does not offer capabilities for development testing or non-traffic-based discovery.
— Traceable: Primarily an agent-only solution that requires significant management overhead and complexity as it scales. Limited security capabilities – primarily focused on discovery and visibility.
— Wallarm: A Web Application Firewall solution that is trying to become an API solution. Limited visibility to its traffic and cannot address the business logic exploits often accompanying API vulnerabilities.”
