Wib Grabs $16M for API Security Platform


By: R. Scott Raynovich

The market for Application Programming Interface (API) security is heating up as the startups continue to pile into this segment. Tel Aviv-based Wib this week announced it has raised a $16 million investment to enhance its API security platform and accelerate growth.

Wib was founded in August 2021 by Gil Don (CEO), Ran Ohayon (CRO) and Tal Steinherz who previously served as the CTO of Israel’s national cyber directorate. Wib’s round was led by Koch Disruptive Industries, the venture arm of Koch Industries Inc., with participation from Kmehin Ventures, Venture Israel, Techstars, and existing investors.

As API security solutions proliferate, Wib’s angle is take in and monitor API data from as many sources as possible to give security experts a wider view of the code and development landscape. This includes, for example, automating the inventory of all APIs being managed. Wib calls this approach “holistic” API security management.

“The first issue is visibility,” said Gil Don, Wib’s CEO in an interview with Futuriom. “The first question we ask customers is do they know all of the APIs that they have?”

API Security as Part of the “Shift Left”

API security will become a growing component of a movement known as “shift left,” which describes the interest in management of the development side of applications and infrastructure. As described in a Forbes column I wrote at the beginning of the year, shift left is a term used by information technology (IT) developers and DevOps types to describe the drive to push more operational testing and cybersecurity technologies further up in the development cycle – or to the left if you imagine a chart showing the development cycle over time, progressing from left to right.

Cybersecurity is increasingly becoming part of this shift left, as the focus grows on securing code and APIs used in the development process. Software risks can escalate if companies are not properly tracking existing APIs and how they are exposed to other pieces of software.

The most famous example of the risks of not securing code is the SolarWinds hack in 2019, in which hackers inserted malicious code into an update of SolarWinds Orion network monitoring software. That hack was estimated to compromise as many as 100 organizations, including Microsoft, Intel, Cisco, and the Pentagon.

Managing the API Attack Surface

By shifting left, cybersecurity tools will be involved in observing and testing code to look for vulnerabilities. It's clear that as the use of APIs massively increases, it's a blind spot that needs better monitoring. APIs increase the attack surface of an organization by providing an access point for any kind of code, including potential malicious code. Techniques to secure APIs include improving authentication with tokens and API gateways. APIs also have to be monitored and managed with potential access limits to thwart attacks such as denial of service and brute-force attacks.

Don told us that he believes the API security market is still very young and that most solutions so far don’t look at the whole picture. Wib claims to deliver real-time inspection, management, and control at all stages of the API lifecycle. For example, the platform can automate inventory and API change management; identify rogue, zombie, and shadow APIs; and analyze risks of the attack surface.

Wib isn’t the only company going after this market, of course, but what Don says is likely true – it’s early. Some other companies in the market include Noname, Traceable, Salt, and Boston-based ThreatX. Noname, based in San Jose with offices in Israel, has a very similar story to Wib, claiming a complete platform with API inventory monitoring. Traceable has received a lot of attention for recently raising $60 million in funding with a $450 million valuation.