With security top of mind in many companies these days, especially given how many staff work at home, there is one area that remains chronically ignored: that of the world of APIs which power all of the platforms we all use every day.
Now, a significant player in the cybersecurity of APIs is super-charging its offering. 42Crunch, an API security startup, has raised $17 million in a Series A round led by Energy Impact Partners. Adara Ventures also participated.
42Crunch has a “micro firewall” for APIs which aims to protect against attacks listed in the OWASP Top 10 for API Security. It is used by companies such as MuleSoft, Ford Motors and Qualys.
CEO and co-founder of 42Crunch Jacques Declas said: “What do the recent data breaches at MGM Grand, Facebook and Clubhouse have in common? They all came about due to API vulnerabilities. Eighty-three percent of internet traffic now comes from APIs but traditional firewall approaches are not adapted to cope with the specific threats that APIs create.”
The three French co-founders came up with the idea after seeing the number of APIs used by customers proliferate.
The normal approach to firewalls — relying on patterns and signatures to detect potential incursions — does not work when it comes to API traffic. 42Crunch claims its platform can individually protect each API, and prevent common cyberattacks such as injections but also API-specific attacks.
Isabelle Mauny, co-founder and CTO of 42Crunch, said: “Protecting APIs from threats at runtime is only part of the story. APIs will only be truly secured when security becomes part of the developer’s flow, rather than an afterthought.”
Nazo Moosa, co-managing partner, Energy Impact Partners, added: “42Crunch’s ‘shift-left approach’ to the creation of secure-by-design APIs fits strongly with EIP’s vision of protecting global critical infrastructure. The company’s six-digit customer wins last year were catalytic to our decision to lead the round.”