Noname, which sells entirely through channel partners, has added the Recon tool to simulate an attacker performing reconnaissance on customers’ domains, so they can rapidly detect and fix issues.
Palo Alto-based Noname Security, which makes a platform to provide proactive API security, has added Noname Recon to their API Security Platform. Recon lets customers simulate an attacker performing reconnaissance on their domains, so that they can rapidly find and fix issues without the need for any integrations, installations, or implementations.
Noname, which started up in 2020, covers the entire API security landscape, from Discovery through Posture Management, Runtime Protection and Active Testing, all without the use of agents. It increases security team effectiveness by providing them with the easiest, fastest, and most flexible tool to protect their APIs.
“There are many tools like general attack surface management tools for ASMs, but the difference is that they are not focused on finding APIs,” said Filip Verloy, Field CTO at Noname Security. “They are more concerned with infrastructure being exposed. They don’t get the APIs. To understand that, you have to understand how APIs work. We take our API knowledge from building our base model and externalize it with Recon.”
Noname Recon extends the platform’s capability.
“What we have been doing in the past is giving customers an inside-out view of their APIs,” Verloy said. “This gives them an outside-in view, which is quite unique. All customers have security controls in place. What this adds on top is the ability to detect blind spots those existing tools have. There’s not a tool out there that can do the same thing in terms of shining a light on those potential blind spots.”
Recon is the second major capability that Noname has added to their platform.
“We previously had Active Testing, which focused on security testing for preproduction APIs,” Verloy noted. “Recon is our second piece of major functionality we have added to the platform. It is not an individual app as much as it is a continuation of the platform.
“In building this, we wanted to simulate the first phase an attacker would go through, using the MITRE ATT&CK framework,” he continued. “We wanted to simulate an attack surface that allows them to think like an attacker. It’s like a Blue Team approach but it gives the customer a non-intrusive way to do it, with a passive scanning solution, that passively gathers all the reconnaissance.”
Accordingly, Recon automatically discovers public APIs, domains, and vulnerabilities, including shadow domains that are easily overlooked. It also surfaces exploitable intelligence, such as exposed information, to help customers understand the attack paths available to adversaries. In addition, it monitors for changes in APIs, domains, and developer activity to build a complete and current inventory of publicly accessible assets.
“The types of issues we would detect through Recon are third party issues that aren’t easily remediated,” Verloy said. “For example, am I exposing API keys in my GitHub repositories, which would expose how our APIs work without any authentication? They could then go to GitHub and have it fixed.”
Recon also quickly fixes vulnerabilities before they can be exploited, supports smart, informed decisions about which issues to remediate first so that the attack surface shrinks in record time, and resolves high-severity issues in hours or days instead of weeks or months.
Recon also prevents breaches by securing data and confidential information with automatic scanning and protection against evolving threats, and it automates policy enforcement. This allows customers to avoid regulatory fines and reputational damage by continually monitoring for compliance.
With existing customers, Recon is purchased as an add-on license.
“Some customers might also want to buy it separately,” Verloy stated. “Both are an option because it gives you an external view of what the attack surface looks like. Some customers just want the informational piece. They also have remediation options with the rest of the platform.”
Noname sells 100% through channel partners, and Verloy said that Recon gives them new opportunities.
“It opens up an additional avenue to talk to their customers,” he noted. “Recon also doesn’t require any installations or any setup, so there is no heavy lifting.”