What’s next for open source in the decade of data

Open source is an engine for innovation, offering reliability, scalability and security for IT leaders intent on future-proofing their infrastructure. Learn how.

Neosec, a cybersecurity platform designed to secure APIs, today emerged from stealth with $20.7 million in series A funding from True Ventures, New Era Capital Partners, TLV, SixThirty, and several angel investors. According to CEO Giora Engel, the proceeds will be put toward product development and growing Neosec’s business in the U.S., Europe, the Middle East, and Asia.

Researchers are sounding the alarm on threats to enterprise security arising from insecure APIs. Last November, Forrester warned that organizations that fail to address API vulnerabilities could face significant data breaches. And in March, Salt Security released a report on API security that showed that that 91% of organizations suffered an API-related problem last year, with more than half (54%) reporting finding exploits in their service APIs.

Neosec claims to take a fundamentally different approach to app and API security without requiring the use of signatures, predetermined exploits, or on-premises deployment. The platform automatically finds all APIs involved with an organization and maintains a complete inventory, generating missing documentation for previously unknown APIs. Neosec also audits the risk posture of individual APIs and identifies those transferring sensitive data, revealing any discrepancies between existing API documentation and the parameters of the API. By automatically learning the baseline behavior of every API, Neosec can flag vulnerable or misconfigured APIs in need of fixing, according to Engel.

“Neosec was started by Ziv Sivan and I [in February 2020]. We previously founded LightCyber, which was acquired by Palo Alto Networks in 2017 and became the basis for extended detection and response. As a security researcher, extending back to my work with the Israel Defense Force and later with LightCyber and Palo Alto Networks, I pioneered the use of behavioral analytics for detection and response,” Engel told VentureBeat via email. “Networks are rapidly changing from traditional datacenter, on-premises models to ones that are fully cloud-based, connected, and governed by APIs that expose core business logic externally. After leaving Palo Alto Networks, I knew that APIs were the next frontier for security vulnerabilities that could make previous attacks look small.”

Protecting APIs

APIs are the building blocks of digital business, powering analytics, business intelligence, partner and supply chains, and the overall flow of business. They represent both a substantial portion of organizations’ traffic and a fast-growing blind spot, with most enterprises only aware of a portion of the APIs used by their customers. According to a Gartner webinar, by 2022, API attacks will become the most frequent attack type used against enterprise web apps. Adroit Market Research expects the API management market will reach $21.68 billion in value by 2028.

While plenty of security solutions address APIs in some fashion, like those offered by Neosec competitors Salt Security, Traceable, and Noname Security, it’s Engel’s assertion that they rely on traditional signatures, passing through API calls without practical checks of their usage. Many systems have no ability to recognize bad behavior within APIs, he says, while allowing authenticated clients to freely interact with them — assuming they’re safe and authorized.

“Because all the API data is stored in the cloud, the ability to examine the vast dataset to identify threats is possible [with Neosec]. For incident response, users of the Neosec platform can investigate what happened by examining the historical data. For threat hunting, they can use the data to build a hypothesis and reveal hidden threats,” Engel said. “Neosec makes all the data available to the analyst rather than being a black box.”

Neosec correlates and profiles users, customers, and partners that interact with APIs, creating baselines with context, timelines, and analysis for each. The platform ingests and analyzes API data out-of-band while enriching the API and entity data, reducing abuse and theft from API scraping.

“There are no competitors that employ true behavioral analytics and leverage the power of all the data in a software-as-a-service platform to prevent business abuse through APIs,” Engel said. “Because all the API data is stored in the cloud, the ability to examine the vast dataset to identify threats is possible. For incident response, users of the Neosec platform can investigate what happened by examining the historical data. For threat hunting, they can use the data to build a hypothesis and reveal hidden threats. Neosec makes all the data available to the analyst rather than being a black box.”

It’s early days, but Neosec says it already has paying enterprise customers as well as “notable” channel and technology partners. In the future, the company plans to double the size of its 20-person team, which is spread across offices in the U.S., Israel, and the U.K.

“The pandemic emphasized the need for accelerated digital transformation for many of our clients,” Engel added. “The nature of work is shifting. Physical business is declining and more is being done online, and new go-to-market strategies are emerging using new channels that rely on the continuous development of APIs. The pace of this transformation has accelerated significantly since the pandemic.”

Join the GamesBeat community!

Enjoy access to the GamesBeat Discord, special events, private newsletters and more.

Presented by Perforce

Founded in 2013, Bit Fry’s mission was to deliver a high-quality arcade experience straight to your smartphone. They wanted to bring back the look and feel of time-tested favorites like Blades of Steel, NBA Jam, NFL Blitz, and more.

Over the next six years, Bit Fry evolved into a gaming franchise. After their hit game Ultimate Rivals: The Rink launched in 2019 on Apple Arcade service, they embarked on their follow up game, Ultimate Rivals: The Court, which recently launched July 2021.

With teams constructing over 137 characters and counting, Bit Fry needed a way to scale their development pipeline on a tight timeline. On their journey, there were able to increase velocity, secure everything, and unify their teams as they transitioned to an on-premises solution.

Conquer challenges to accelerate and scale

When Bit Fry started working on their next game, teams were struggling to get the files and feedback they needed. Sync times were long. Builds took forever. The team was desperate for a solution. Initially, they looked at moving to Git.

But Git couldn’t handle their large files and binary assets. It also lacked integrated workflows to support animators, designers, and artists. Instead of moving to Git, Bit Fry needed to optimize their environment and scale.

Chris Kuffert, engineering director at Bit Fry explains, “I’m very glad we didn’t switch to Git at the end of it. The biggest reason was I don’t know how effectively it could handle locking of files.”

File locking, exclusive checkouts, and support for creatives were critical to iterate and test more. Without these features, they could easily overwrite files and binaries, which could lead to a time-consuming mess.

To resolve these issues, Bit Fry required a tool that could support how they work and meet the performance demands required for a growing studio. With quicker access, they could test more, and produce a better game.

Moving to on-premises was the first step. Then they could build out their pipelines. Perforce Helix Core version control provided the features teams needed. And by moving to their own servers, they could optimize for performance, dramatically shortening build times.

“We’re now at a point where we not only have five consistent builds running, but also the opportunity for all our engineers to run a subset of builds on shelved code. That has increased our velocity immensely,” according to Kuffert.

Sync times went from three hours to 10 minutes. Developers could check in code and artists could upload their assets without delay. Keeping teams moving increased innovation, without pushing their release date.

Because all of Bit Fry’s digital assets were stored and in one central depot, they could also enhance team collaboration.

Cross-team collaboration

Before, Bit Fry’s teams were collaborating, but not inside their tools. Builds required artists to contribute, but it would take up all the available bandwidth, slowing everyone else down. To avoid this, designers rarely pushed changes. This would impact developers, causing delays. Assets and code were left sitting outside of the server.

Setting up their architecture on-premises, Bit Fry removed barriers for their teams. Coders and creatives could push changes and files frequently. Bit Fry immediately noticed a change. Their depot grew exponentially, bumping up to 3 TB.

As people connected remotely, they were still able to get what they needed, fast. Teams could grab assets from other areas to repurpose. Central storage eliminated searching through emails and hard drives, promoting asset reuse and increasingly velocity.

Mark Strelow, director of animation, noticed his teams were able to easily get what they needed. “Our art directory contains all our animation assets. If someone’s working on a Maya file, they’ll do it straight in Perforce. And it’s ready for anyone else to grab.”

His animation team experienced improvements as well. Versioning was simple and faster. SJ Belen, animator at Bit Fry explains, “I don’t need to know how all this stuff works. It’s super simple. I can check out a file, get the latest files, and check them back in.”

Securely version everything

Security is a critical issue for game development companies, especially as they grow. Bit Fry recognized the need to balance access and security. They set up their environment to protect down to the individual file level. With Bit Fry’s source code and secrets safe, outsourced contributors could get access to only what they needed.

Keeping assets secure means protecting and efficiently storing all subsequent versions. Teams need to look back in time to know when, where, and how something evolved. Maintaining chain of custody over digital assets ensured the final game quality was high.

According to Art Director Sean O’Toole, “Perforce keeps things organized and retains our entire history.” This is a huge win for development teams and designers alike.

For Belen, “The iterative submission style allowed you to go back in and find an old version in the depot that someone worked on before, even if the current one maybe doesn’t work.” No matter the file, being able to secure and locate kept Bit Fry moving.

Support when and where you need it

When Bit Fry needed to migrate, they were in the middle of a release. “Our contract was expiring with our hosted solution, so we had to switch by the end of the month. But we also had to submit a delivery by the end of that month, and nothing was going to budge,” said technical director Alexander Brooks.

Perforce team members were vital to ensuring teams had no downtime as they moved to an on-premises solution. The shift happened mid-work week, with absolutely no disruption.

All assets were migrated with no data loss, no loss of logs, and no delays to development. Brooks gave his seal of approval, “There cannot be an hour of downtime and there wasn’t. We were good to go.”

How to build your dream team

This is only the start for Bit Fry. As they grew, they discovered, “If you spend the time and effort learning how to do it or set it up yourself, you’re setting your company up for more success and more flexibility,” said Brooks.

Want to see Bit Fry in action? Check out Ultimate Rivals: The Court. If you want to learn more about how Bit Fry made it work, join our webinar.

Professional tools at a premium price

Are you a small team with big ideas? Try Perforce Helix Core version control, free.

Katie Cole is Game Dev Evangelist at Perforce.

Sponsored articles are content produced by a company that is either paying for the post or has a business relationship with VentureBeat, and they’re always clearly marked. Content produced by our editorial team is never influenced by advertisers or sponsors in any way. For more information, contact [email protected].