Adara Ventures recently completed an initial investment in 42Crunch, the European cybersecurity startup based in London that is changing the way companies secure their API ecosystem.
APIs (Application Programming Interfaces) are a set of functions and procedures that facilitate the safe, reliable and stable communication between two applications for the exchange of messages and data. Nowadays, APIs are everywhere, with 83% of all web traffic occurring via API.
As APIs proliferate, so do cyberattacks that leverage vulnerabilities associated to them. Companies use internal APIs to access their microservices, SaaS APIs to draw in third party information, and external APIs providing functionalities to external developers. This creates a blurred security perimeter that may inadvertently offer an unsecured back door into an enterprise system. Gartner predicts:
The 42Crunch platform provides a set of automated tools to easily secure the entire API infrastructure by describing security in the API contract, and enforcing those policies throughout the entire lifecycle. Delivering security as code enables a seamless DevSecOps experience, allowing innovation at the speed of business without sacrificing the security of APIs.
The 42Crunch platform includes three components:
The Audit tool runs a static analysis of the OpenAPI definition of the contract against 200 security checks, automatically identifying specific errors and remedies.
By scanning in runtime, 42Crunch check that the implementation of the API and the behaviour of the backend service match the API contract. This helps identify potential issues such as data or exception leakage by detecting misconfigurations, misbehaviours, and APIs vulnerabilities.
Deployable with just one click, the API firewall automatically enforces security measures based on the OpenAPI definition and protects API endpoints wherever they are. Allowed operations are whitelisted, eliminating the need to implement custom rules or to guess which traffic is valid through AI. 42Crunch’s firewall is highly scalable, platform agnostic, and supports multi-cloud and multi-geo zone deployments.
Importantly, the 42Crunch API security solution has been integrated into GitHub, the world’s largest software development and code hosting platform. This integration allows millions of developers to try 42Crunch on any of their projects on GitHub, coupling API security review with their development workflow, and supporting the “shifting left” movement that seeks to make security an integral part of the development lifecycle.
42Crunch’s team, product and approach captivated us from our very first interaction. We are delighted to welcome them to our portfolio, joining exceptional cybersecurity teams Constella Intelligence, CounterCraft and Hdiv.