Predict your next investment

Neosec company logo
INTERNET | Internet Software & Services / Monitoring & Security
neosec.com

See what CB Insights has to offer

Founded Year

2020

Stage

Series A | Alive

Total Raised

$20.7M

Last Raised

$20.7M | 3 mos ago

About Neosec

Neosec leverages AI-based behavioral analytics to provide unmatched visibility and threat hunting capabilities to stop threat actors from abusing the rapidly expanding API attack surface exposed by microservices architectures.

Neosec Headquarter Location

691 S. Milpitas Blvd Suite 212

Milpitas, California, 95035,

United States

Latest Neosec News

API Security Startup Neosec Launches With $20.7M Series A

Sep 24, 2021

Neosec, founded by the security experts behind LightCyber, aims to bring principles from extended detection and response to API security. PDF Neosec, a startup aiming to better secure APIs, today emerged from stealth with $20.7 million in Series A funding from True Ventures, New Era Capital Partners, TLV, and SixThirty. APIs have become a hot target for attackers, especially as organizations rapidly shifted to accommodate remote work. Reports indicate API abuses will be the most common vector used in data breaches within enterprise Web applications: Nearly all (91% of) organizations surveyed by Salt Security had an API-related issue last year, and 54% reported finding flaws in their APIs. In the past, APIs were typically used on secure private networks and channels. Now they are core to enterprise efforts as organizations rely on APIs to make their internal applications, systems, and services accessible to their customers, partners, and other third parties. And as APIs become a greater focus for businesses, they become a greater focus for attackers as well. "APIs are not new, but … API security is really in its infancy," says Neosec co-founder and CEO Giora Engel. He built the startup with CTO Ziv Sivan; the duo had previously created behavioral analytics company LightCyber, which was sold to Palo Alto Networks in 2017 for $105 million. Today's application security tools often focus on securing the perimeter with signature-based tech. Neosec's approach carries over techniques that extended detection and response (XDR) tools used to detect threats and applies them to recognize malicious behavior within APIs. For most organizations, the problem starts with a lack of API inventory. Application security is mostly focused on setting up processes with developers, but that alone is not enough. Both internal APIs and those exposed to the outside are not accounted for, which puts them at risk. "When they don't have that visibility, they can't even think about securing them or monitoring them because they don't even know what they are," Engel explains. "Even if you have the best-written APIs, they can still be abused if the credentials are used for the wrong purpose or there's account takeover." Discovering the APIs is the first step toward securing them, but he notes that organizations also often lack visibility into how APIs are being used. As organizations more heavily rely on APIs for a greater number of capabilities, many can fly under the radar. When an API is involved in a breach, "it's typically some kind of API that was forgotten or not properly monitored," he adds. How Neosec's Technology Works Neosec's software-as-a-service (SaaS) platform aims to give security teams visibility into behavior across their APIs by using existing logs as a data source. This allows them to discover all the APIs involved in an organization without needing to install any sensors, Engel says. Deploying sensors in each microservice "just is not possible to achieve," he continues, as it's more work for the developer team and runs the risk of interfering with production. "Our method is really based on logs, primarily because it enables us to take logs you already generate – such as access logs – from main chokepoints and reuse the same data you already have, perform analytics on it, and create results," Engel explains. Neosec's platform starts by discovering an organization's APIs. It audits the risk posture of the APIs it finds and identifies those transferring sensitive data, as well as those that are vulnerable or misconfigured and need to be fixed. The third component of the platform is behavioral analytics, which is used to identify suspicious API behavior and flag it for investigation. "Understanding how they're used, and finding out normal usage, is key," says Engel. Even well-written APIs can be abused. Neosec's technology uses "multi-entity tracking" to analyze their behavior and understand relationships between entities such as users, customers, partners, and business processes to understand the dynamics between them and create a timeline: what happened to an invoice over time, for example, or what is the normal behavior for a specific partner. "You can only do that if you understand entities and the relationships, and not just look at individual calls," he notes. The behavioral analytics can help cut down on things like fraud and unauthorized transactions, for example, and prevent data leakage and compliance violations. Neosec was founded early last year and is based in Palo Alto, Calif., with R&D in Tel Aviv, Israel. It plans to use the Series A funding to further develop its platform and expand its business around the world. Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Predict your next investment

The CB Insights tech market intelligence platform analyzes millions of data points on venture capital, startups, patents , partnerships and news mentions to help you see tomorrow's opportunities, today.

Expert Collections containing Neosec

Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.

Neosec is included in 1 Expert Collection, including Artificial Intelligence.

A

Artificial Intelligence

7,904 items

This collection includes startups selling AI SaaS, using AI algorithms to develop their core products, and those developing hardware to support AI workloads.

CB Insights uses Cookies

CBI websites generally use certain cookies to enable better interactions with our sites and services. Use of these cookies, which may be stored on your device, permits us to improve and customize your experience. You can read more about your cookie choices at our privacy policy here. By continuing to use this site you are consenting to these choices.