Noname Security Platform Updates: 3.28 Release
Akamai acquired Noname Security in June 2024. The Noname Security product is now Akamai API Security, but this archived blog post reflects the product and feature names on the original date of publication.
The Noname Security 3.28 release supports policies to restrict API access based on IP addresses, a new method to discover and identify GraphQL APIs, and enhancements to Active Testing role-based access control.
Core Platform
IP-based API Access Restriction Policy
Noname Security supports the creation of incident policies that trigger when Noname detects API traffic anomalies. With this release, you can now create a custom incident policy to track and restrict access to specific APIs from unauthorized IP addresses.
Organizations can define an allowed list of IP addresses and create incidents whenever an incoming call is placed outside the allowed range. This allows companies with limited control over an API authentication mechanism to protect access to their data.
For example, a company partnering with third-party services can create a policy to identify when an API call is placed outside the partner’s IP range, which may signify an attack or undisclosed data processing relationships by the partner.
To learn more about incident policies, please see documentation.
Improved presentation of GraphQL APIs
With this release, the Noname Security platform utilizes a new method to distinguish GraphQL APIs. Previously, GraphQL APIs were distinguished based on the client-side operation name. Now, each GraphQL API is uniquely identified by a combination of the GraphQL endpoint, the type of GraphQL operation, and the top-level field. Since the top-level field represents the actual affected resource, and the operation name represents the user’s name for the specific API call, this method allows for a more precise and detailed analysis of API activities.
In addition, GraphQL APIs are now presented in the GraphQL request format schema, making it easier to understand the API structure and purpose. This new approach will improve the identification of GraphQL APIs, simplify inventory management, and optimize runtime attack detection.
Active Testing
Role-based access control enhancements
Active Testing supports role-based access control (RBAC) to manage permissions within Active Testing and enforce the principle of least privilege. Previously, Active Testing roles were predefined and managed independently from the Noname Security platform. Now, all role and permission management is unified for a more seamless and streamlined experience. In addition, you can now create new roles and associated permissions to granularly control access to specific actions and areas within Active Testing.
For example, you can use roles to assign access to specific applications or application groups. This provides companies with robust access management capabilities across the entire Noname platform and simplifies permission management at scale.
To learn more about role-based access control, please see Active Testing documentation.
For additional information about the Noname Security 3.28 release, please review the release notes.