Neosec, a startup aiming to better secure APIs, today emerged from stealth with $20.7 million in Series A funding from True Ventures, New Era Capital Partners, TLV, and SixThirty.
APIs have become a hot target for attackers, especially as organizations rapidly shifted to accommodate remote work. Reports indicate API abuses will be the most common vector used in data breaches within enterprise Web applications: Nearly all (91% of) organizations surveyed by Salt Security had an API-related issue last year, and 54% reported finding flaws in their APIs.
In the past, APIs were typically used on secure private networks and channels. Now they are core to enterprise efforts as organizations rely on APIs to make their internal applications, systems, and services accessible to their customers, partners, and other third parties. And as APIs become a greater focus for businesses, they become a greater focus for attackers as well.
"APIs are not new, but … API security is really in its infancy," says Neosec co-founder and CEO Giora Engel. He built the startup with CTO Ziv Sivan; the duo had previously created behavioral analytics company LightCyber, which was sold to Palo Alto Networks in 2017 for $105 million.
Today's application security tools often focus on securing the perimeter with signature-based technology. Neosec's approach carries over the techniques that extended detection and response (XDR) tools use to detect threats and applies them to recognize malicious behavior within APIs.
For most organizations, the problem starts with a lack of an API inventory. Application security is mostly focused on setting up processes with developers, but that alone is not enough. Internal APIs and those exposed to the outside alike often go unaccounted for, which puts them at risk.
"When they don't have that visibility, they can't even think about securing them or monitoring them because they don't even know what they are," Engel explains. "Even if you have the best-written APIs, they can still be abused if the credentials are used for the wrong purpose or there's account takeover."
Discovering the APIs is the first step toward securing them, but he notes that organizations also often lack visibility into how APIs are being used. As organizations more heavily rely on APIs for a greater number of capabilities, many can fly under the radar. When an API is involved in a breach, "it's typically some kind of API that was forgotten or not properly monitored," he adds.
How Neosec's Technology Works
Neosec's software-as-a-service (SaaS) platform aims to give security teams visibility into behavior across their APIs by using existing logs as a data source. This allows them to discover all the APIs involved in an organization without needing to install any sensors, Engel says. Deploying sensors in each microservice "just is not possible to achieve," he continues, as it's more work for the developer team and runs the risk of interfering with production.
"Our method is really based on logs, primarily because it enables us to take logs you already generate – such as access logs – from main chokepoints and reuse the same data you already have, perform analytics on it, and create results," Engel explains.
Neosec's platform starts by discovering an organization's APIs. It audits the risk posture of the APIs it finds and identifies those transferring sensitive data, as well as those that are vulnerable or misconfigured and need to be fixed. The third component of the platform is behavioral analytics, which is used to identify suspicious API behavior and flag it for investigation.
"Understanding how they're used, and finding out normal usage, is key," says Engel.
Even well-written APIs can be abused. Neosec's technology uses "multi-entity tracking" to analyze API behavior by mapping the relationships between entities such as users, customers, partners, and business processes, and from those relationships it builds a timeline: what happened to an invoice over time, for example, or what normal behavior looks like for a specific partner.
"You can only do that if you understand entities and the relationships, and not just look at individual calls," he notes. The behavioral analytics can help cut down on things like fraud and unauthorized transactions, for example, and prevent data leakage and compliance violations.
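As an added illustration of the log-based approach described above (example code written for this article, not Neosec's product), the following Python builds an API endpoint inventory from constructed access-log lines, tracks usage per entity (user and source IP) rather than per call, and flags an entity whose object-level access stands out from the others. The log format, entity names, and the threshold are assumptions.

```python
import re
from collections import defaultdict

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \d+')

# Constructed sample access log (Common Log Format, user in the third field).
# The "mallory" lines are generated to mimic sequential invoice enumeration.
SAMPLE_LOG = [
    '10.0.0.5 - alice [10/Sep/2021:10:00:01 +0000] "GET /api/v1/invoices/1001 HTTP/1.1" 200 512',
    '10.0.0.5 - alice [10/Sep/2021:10:00:07 +0000] "GET /api/v1/invoices/1002 HTTP/1.1" 200 498',
    '10.0.0.9 - bob [10/Sep/2021:10:01:15 +0000] "POST /api/v1/orders HTTP/1.1" 201 120',
    '10.0.0.9 - bob [10/Sep/2021:10:01:20 +0000] "GET /legacy/export.php?all=1 HTTP/1.1" 200 9000',
] + [f'10.0.0.23 - mallory [10/Sep/2021:10:02:{i:02d} +0000] '
     f'"GET /api/v1/invoices/{2000 + i} HTTP/1.1" 200 500' for i in range(40)]

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def normalize_path(path):
    """Strip the query string and collapse numeric IDs so /invoices/1001 and
    /invoices/1002 resolve to the same endpoint template."""
    return re.sub(r'/\d+(?=/|$)', '/{id}', path.split('?', 1)[0])

def build_inventory(lines):
    """Discover endpoints and track per-entity usage from existing logs only.
    inventory: 'METHOD template' -> hit count
    entity_usage: entity -> endpoint -> set of concrete paths that entity touched"""
    inventory = defaultdict(int)
    entity_usage = defaultdict(lambda: defaultdict(set))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than guessing
        endpoint = f"{rec['method']} {normalize_path(rec['path'])}"
        inventory[endpoint] += 1
        # Track two entity types (user and source IP) for the same call.
        for entity in (f"user:{rec['user']}", f"ip:{rec['ip']}"):
            entity_usage[entity][endpoint].add(rec['path'])
    return dict(inventory), entity_usage

def find_enumeration(entity_usage, threshold=10):
    """Flag entities that touched more distinct objects on one endpoint than the
    threshold: a behavioral signal for scraping or object-level abuse."""
    return sorted((entity, endpoint, len(paths))
                  for entity, endpoints in entity_usage.items()
                  for endpoint, paths in endpoints.items()
                  if '{id}' in endpoint and len(paths) > threshold)
```

Running `build_inventory(SAMPLE_LOG)` also surfaces the forgotten `/legacy/export.php` endpoint that never appears in any API specification, which is the inventory gap the article describes.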
Neosec was founded early last year and is based in Palo Alto, Calif., with R&D in Tel Aviv, Israel. It plans to use the Series A funding to further develop its platform and expand its business around the world.