Noname Security was an API security platform that provided comprehensive API discovery, runtime protection, and security testing. The company achieved significant market recognition before being acquired by Akamai Technologies in June 2024 for approximately $450 million.
Founded in 2020 and headquartered in San Jose, California, Noname Security raised over $220 million in venture funding and achieved a $1 billion valuation at its final private fundraise in December 2021. The company served enterprise organizations across financial services, healthcare, technology, and retail sectors.
What is Noname Security?
Noname Security was an API security platform designed to protect organizations from API-based attacks and data breaches. The platform provided automated API discovery, continuous security testing, and runtime threat detection across all API environments including REST, GraphQL, SOAP, and gRPC.
The solution addressed API security through three core capabilities: API discovery and inventory management, API posture management and configuration testing, and runtime API security with threat detection. This comprehensive approach protected organizations from OWASP API Security Top 10 vulnerabilities and zero-day API attacks.
Noname’s agentless architecture integrated with existing API gateways, service meshes, and cloud environments without requiring code changes or agent deployment. The platform analyzed API traffic patterns to establish behavioral baselines and detect anomalies indicating attacks or data exfiltration.
Key features
Automated API Discovery
Noname Security automatically discovered and inventoried all APIs across cloud, on-premises, and hybrid environments. The platform identified REST APIs, GraphQL endpoints, SOAP services, gRPC APIs, and internal microservices without requiring manual configuration.
Discovery capabilities extended beyond documented APIs to identify shadow APIs deployed without security review. The platform tracked API versions, endpoints, parameters, and data schemas to maintain comprehensive API inventory. Continuous discovery ensured new APIs were identified immediately after deployment.
API Posture Management
The platform assessed API configurations against security best practices and compliance requirements. Posture management identified misconfigurations including weak authentication, excessive permissions, unencrypted traffic, and exposed sensitive data.
Noname tested APIs for OWASP API Security Top 10 vulnerabilities including broken object-level authorization, excessive data exposure, lack of resources and rate limiting, and security misconfiguration. Automated testing ran continuously without disrupting production traffic.
Runtime API Security
Runtime protection monitored API traffic to detect attacks, abuse, and policy violations. The platform analyzed request patterns, response data, authentication attempts, and error rates to identify malicious activity.
Behavioral analysis established baseline patterns for legitimate API usage and flagged anomalies indicating attacks. Detection capabilities included injection attacks, authentication bypass attempts, data scraping, API abuse, and unusual data access patterns.
OWASP API Top 10 Protection
Noname provided specific protections against OWASP API Security Top 10 vulnerabilities. The platform detected broken object-level authorization where APIs exposed other users’ data, excessive data exposure in API responses, and lack of rate limiting enabling abuse.
Additional protections covered broken function-level authorization, mass assignment, security misconfiguration, injection vulnerabilities, improper asset management, insufficient logging and monitoring, and unsafe consumption of APIs.
Shadow API Detection
The platform identified undocumented, deprecated, and zombie APIs that create security blind spots. Shadow APIs often lack security controls and create attack vectors that traditional security tools miss.
Noname tracked API lifecycle to identify endpoints that should be deprecated but remain accessible, internal APIs exposed to the internet, and test or development APIs running in production. This visibility helped organizations eliminate unnecessary API exposure.
API Compliance
Noname supported API security compliance for regulations including PCI-DSS, HIPAA, GDPR, SOC 2, and ISO 27001. The platform monitored API access to sensitive data and validated that APIs handling regulated data implemented required security controls.
Compliance dashboards provided audit-ready reports showing API security posture, policy violations, and remediation status. Automated evidence collection simplified compliance workflows and reduced audit preparation time.
Integration Capabilities
The platform integrated with API gateways, service meshes, cloud-native environments, and security tools. Agentless deployment options included traffic mirroring, log analysis, and API gateway integration.
Noname connected with SIEM systems, security orchestration platforms, ticketing systems, and CI/CD pipelines to support existing workflows. Integration with WAF and RASP solutions provided defense-in-depth API protection.
Acquisition by Akamai
Akamai Technologies announced the definitive agreement to acquire Noname Security on May 7, 2024, completing the transaction on June 25, 2024. The acquisition price was approximately $450 million after customary purchase price adjustments.
Over 200 Noname employees joined Akamai’s Security Technology Group, including CEO and Co-founder Oz Golan. The acquisition strengthened Akamai’s ability to meet growing customer demand for API security as API usage continues to expand across organizations.
Akamai integrated Noname’s API security capabilities into its broader security portfolio, extending API protection across all traffic locations regardless of deployment architecture. For fiscal year 2024, the acquisition was anticipated to deliver approximately $20 million of revenue to Akamai.
When to use Noname Security
Organizations previously using Noname Security should transition to Akamai API Security, which includes the integrated capabilities from the acquisition. New organizations seeking API security should evaluate current API security tools including Akamai’s offering.
Historical Strengths
Noname Security pioneered agentless API security with comprehensive discovery capabilities that identified shadow APIs and eliminated blind spots. The platform’s behavioral analysis detected zero-day attacks and API abuse that signature-based tools missed.
Runtime protection operated without requiring code changes or agent deployment, enabling rapid deployment across complex API environments. Integration with API gateways and service meshes provided flexible deployment options matching diverse infrastructure architectures.
Limitations
As an acquired product, Noname Security is no longer available as a standalone offering. Organizations must work with Akamai to access the integrated API security capabilities.
The platform focused primarily on API security and did not provide comprehensive application security. Organizations requiring code-level security should consider SAST tools, DAST tools, or ASPM tools alongside API security solutions.
Note: Acquired by Akamai (June 2024) for approximately $450 million. API security capabilities integrated into Akamai API Security platform.
