Neosec announced that it has emerged from stealth mode and closed a $20.7 million Series A funding round led by True Ventures, New Era Capital Partners, TLV, and SixThirty, as well as security gurus Mark Anderson, Gary Fish, Mickey Boodaei, Rakesh Loonkar, and Shailesh Rao.

The firm is taking a different approach than today’s traditional application security products, which often rely on signature-based approaches to secure a perimeter. Instead, Neosec uses known XDR (Extended Detection and Response) security approaches, such as precise behavioural analytics, to uncover vulnerabilities and business abuse hidden within APIs.

“Today’s new applications are all API-driven, which creates a new attack surface that puts business fundamentals at risk. Traditional application security techniques are scarcely relevant in a cloud and API-first world,” said Brian Sack, principal at TLV Partners.

APIs are the foundations of digital business, and they accelerate innovation and software development by allowing organisations, partners, and services to communicate seamlessly. While several security solutions promise to secure APIs today, the majority rely on traditional signatures, allowing API calls to proceed without any practical checks of their usage. These systems have no way of detecting bad conduct in APIs, so they let authenticated clients engage with them as they see fit, presuming they’re safe and allowed.

“Today, APIs contain both money and data as well as govern key interactions within a business and to customers, partners and suppliers. Every API is a window into an organization’s business systems and potentially exposes key business logic and processes. Ignoring this blind spot is no longer an option, so the need for a new approach to API security is critical,” said Puneet Agarwal, partner at True Ventures.

Neosec learns every API user’s and client’s baseline behaviour automatically, correlating and profiling different entities such as users, customers, business processes, and partners. It allows users to see, investigate, and hunt for threats utilizing precise timelines of each user entity’s activities.

“One of the greatest challenges facing cybersecurity is the severe lack of logical visibility and behavioral assessment of APIs. Existing technologies were not created to address the incredible exposure organizations now have through their APIs. We created an entirely new approach based on data analytics to provide a complete understanding of all API interactions. It is fully automated, SaaS delivered and able to protect increasing exposure through digital business,” said Engel.