Neosec came out of stealth mode and completed its Series A fundraise with a total investment of $20.7m from True Ventures, New Era Capital Partners, TLV and SixThirty.
In addition, security visionaries Mark Anderson, Gary Fish, Mickey Boodaei, Rakesh Loonkar and Shailesh Rao also participated in the round.
Neosec is led by co-founders CTO Ziv Sivan and CEO Giora Engel. Its technology builds upon the previous experience in developing precision security behavioural analytics of Engel, who also serves as the chair of the fraud prevention task force at Financial Data Exchange (FDX) within FS-ISAC. Mark Anderson, former President of Palo Alto Networks, is also a founding investor and Chairman of the Neosec board.
Instead of using traditional application security tools that typically rely on protecting a perimeter using signature-based methodologies, Neosec brings established techniques from XDR (Extended Detection and Response) security products, including precise behavioural analytics, to reveal threats and business abuse hiding inside APIs.
While APIs already represent a substantial portion of an organization’s traffic, their rapid adoption has made them a conduit for misuse, manipulation, theft and attack. Most enterprises underestimate the risk, because they lack a comprehensive inventory of APIs and are unaware of the scale of unknown shadow APIs. They also have no way to assess what is being done within an API. Industry analysts have predicted that API abuses and attacks will soon become the most common vector for stealing from or impairing enterprises.
Neosec’s data analytics approach discovers all APIs involved with an organization, based on existing logs without the need to install any sensors. The platform establishes and constantly maintains a complete inventory of APIs in use and even generates missing documentation for ones that were previously unknown. Neosec audits the risk posture of all discovered APIs and identifies those transferring sensitive data. The platform reveals any discrepancies between existing API documentation and the parameters of the API. It then flags those APIs that are vulnerable or misconfigured and require fixing.
Furthermore, it automatically learns the baseline behaviour of every API user and client, correlating and profiling multiple entities, including users, customers, business processes and partners. This makes it possible to see, investigate and hunt for threats using detailed timelines of the behaviour of each user entity.
As TLV Partners principal Brian Sack said, “Today’s new applications are all API-driven, which creates a new attack surface that puts business fundamentals at risk. Traditional application security techniques are scarcely relevant in a cloud and API-first world.”
Echoing a similar sentiment, True Ventures partner Puneet Agarwal added, “Today, APIs contain both money and data as well as govern key interactions within a business and to customers, partners and suppliers. Every API is a window into an organization’s business systems and potentially exposes key business logic and processes. Ignoring this blind spot is no longer an option, so the need for a new approach to API security is critical.”
Highlighting the key challenge in cybersecurity, Engel said, “Existing technologies were not created to address the incredible exposure organizations now have through their APIs. We created an entirely new approach based on data analytics to provide a complete understanding of all API interactions. It is fully automated, SaaS-delivered and able to protect increasing exposure through digital business.”
“Gartner® stated that ‘By 2022, API abuses will move from an infrequent to the most-frequent attack vector, resulting in data breaches for enterprise web applications.’ Together, with the explosion of the API economy, this threat will only increase, and is not contained to a specific industry,” said David Fairman, Venture Partner, SixThirty and Chief Security Officer, APAC, Netskope. “It will have ramifications across every digital business.”
Copyright © 2021 FinTech Global