Startup company Noname Security, which deals in securing API (application programming interfaces), has raised $135 million in a C round at a valuation of $1 billion, making Noname, which was founded only in early 2020, a unicorn. The entire amount raised is for investment in the company.
Noname Security was founded by Oz Golan (CEO) and Shay Levi (CTO). Golan and Levi met during their service in IDF intelligence unit 8200 a decade ago. After the army, Golan went to work at NSO, which has been much in the headlines lately, and in his last job there was director of research and development. For his part, Levi has worked at companies such as ironSource and Facebook.
In early 2020, the pair came to Gili Raanan at Cyberstarts with the idea of founding a new cybersecurity company. After meetings arranged for them by Raanan with information security managers at enterprises in order to learn about their needs, they decided to specialize in securing API.
The way systems talk to each other
APIs enable computer systems to talk with each other and extract information from each other. For example, a hotel booking website like Booking.com integrates APIs of various tourism providers in order to know the availability of hotel rooms at any given moment. In the same way, Booking.com can let external sites, such as car hire companies, integrate its API, to make it possible to check hotel room availability without coming directly to its app.
In several well publicized cases, hacks of APIs that led to leaks of databases were discovered. In May, for example, a break-in was discovered into the API of smart exercise bicycle maker Peloton, of which US President Joe Biden is a customer. The API facilitated communications between the bicycle's hardware and the company's servers, and the hack exposed the age, sex, address, and exercising history of millions of Peloton subscribers.
A month previously, in April, a security breach was discovered in the API of a credit data company integrated into an American student loans website. The breach made it possible to type in the name and address of any citizen and obtain his or her credit rating. Research firm Gartner has estimated that abuse of APIs will become the most popular attack vector in cases of exposure of data in Internet apps by 2022.
Noname currently employs 200 people in Israel and the US, which represents substantial growth in comparison with the 70 employees reported in the company's previous fund raising round in June. Noname does not disclose details of its financial performance or names of customers, but it does state that it works with 20% of the Fortune 500 companies, including one of the three largest retailers and one of the three largest telecommunications companies in the world. Noname has raised a total of $220 million since it was founded.
Intra-Israeli competition
Noname Security is not the only Israeli player in securing APIs. An older startup in this field is Salt Security, which was founded in 2016. Salt Security has so far raised $131 million. Its last fund raising round was in May. Salt Security does reveal some of its customer names, which include telecommunications giant Telefonica. According to the PitchBook database, the raise in May was at a post-money valuation of $625 million.
"The difference between us and Salt Security is that we take a proactive approach," says Shay Levi. "We don't make do with analyzing network traffic and checking in real time who called the API and whether he abused it, but we also actively check problems of configuration and architecture in the API. We deal both with the API that the enterprise itself exposes and also with the API that it uses, unlike other companies that only deal with what the enterprise exposes."
Another young Israeli startup in this field, also founded in early 2020, is Neosec. It too was founded by people who had served in intelligence units, 8200 and 81. Neosec emerged into the open last September, after raising $21 million. Another Israeli connection to API security is Imperva, which was founded in Israel and has two development centers here. In May, Imperva announced the acquisition of US API security company CloudVector for an undisclosed sum.
Noname Security's current round was led by Lightspeed and Georgian, with participation by existing investors Insight Partners, Cyberstarts, Next47, Forgepoint, and The Syndicate Group (TSG).
Published by Globes, Israel business news - en.globes.co.il - on December 15, 2021.
© Copyright of Globes Publisher Itonut (1983) Ltd., 2021.