Securing the worlds APIs: why we’re partnering with 42Crunch

Adara Ventures recently completed an initial investment in 42Crunch, the European cybersecurity startup based in London that is changing the way companies secure their API ecosystem.

We are thrilled to back Jacques, Philippe, Isabelle and their world-class team on their journey to secure the largest attack surface: APIs.

The Opportunity: APIs run the world (wide web)

APIs (Application Programming Interfaces) are a set of functions and procedures that facilitate the safe, reliable and stable communication between two applications for the exchange of messages and data. Nowadays, APIs are everywhere, with 83% of all web traffic occurring via API.

The Problem: More APIs = More cyberattacks

As APIs proliferate, so do cyberattacks that leverage vulnerabilities associated to them. Companies use internal APIs to access their microservices, SaaS APIs to draw in third party information, and external APIs providing functionalities to external developers. This creates a blurred security perimeter that may inadvertently offer an unsecured back door into an enterprise system. Gartner predicts:

1. APIs will become the #1 attack vector of cyberattacks by 2022.
2. The yearly cost of API security breaches is estimated to reach $600bn by 2022.
3. By 2023, over 50% of B2B transactions will be performed through real-time APIs

The Solution: 42Crunch secures APIs individually, and at all stages of the development lifecycle

The 42Crunch platform provides a set of automated tools to easily secure the entire API infrastructure by describing security in the API contract, and enforcing those policies throughout the entire lifecycle. Delivering security as code enables a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing the security of APIs.

The 42Crunch platform includes three components:

1. Audit: a tool for developers to embed API security as they code

The Audit tool runs a static analysis of the OpenAPI definition of the contract against 200 security checks, automatically identifying specific errors and remedies.

2. Scan: a dynamic runtime analysis of the API

By scanning in runtime, 42Crunch check that the implementation of the API and the behaviour of the backend service match the API contract. This helps identify potential issues such as data or exception leakage by detecting misconfigurations, misbehaviours, and APIs vulnerabilities.

3. Protection: a native, lightweight and low-latency API firewall

Deployable with just one click, the API firewall automatically enforces security measures based on the OpenAPI definition and protects API endpoints wherever they are. Allowed operations are whitelisted, eliminating the need to implement custom rules or to guess which traffic is valid through AI. 42Crunch’s firewall is highly scalable, platform agnostic, and supports multi-cloud and multi-geo zone deployments.

Importantly, the 42Crunch API security solution has been integrated into GitHub, the world’s largest software development and code hosting platform. This integration allows millions of developers to try 42Crunch on any of their projects on GitHub, coupling API security review with their development workflow, and supporting the “shifting left” movement that seeks to make security an integral part of the development lifecycle.

Adara Ventures: Tripling down on cybersecurity

42Crunch’s team, product and approach captivated us from our very first interaction. We are delighted to welcome them to our portfolio, joining exceptional cybersecurity teams Constella Intelligence, CounterCraft and Hdiv.