4 min Security

Akamai acquires Noname Security: an inevitable move for API security companies?

Akamai acquires Noname Security: an inevitable move for API security companies?

Noname Security is in talks with Akamai for a possible sale. The API security player would cost Akamai $500 million as things stand, a halving of its market value from 2021. Can API security simply not stand on its own?

Update May 6

It is now clear that Akamai’s acquisition of Noname Security will take place. The parties involved reached an agreement and Akamai is going to pay $450 million for one of the bigger players in the API security space. You can read why this acquisition is not illogical in our original story below.

Original story from April 15

The two parties have yet to reach a deal, meaning negotiations could still lead to nothing. However, TechCrunch concludes that talks are already well underway, with half a billion as the expected acquisition amount. Early Noname investors would thereby secure a hefty return while parties who joined in late 2021 would break even. The 200 Noname employees in Palo Alto, California would join Akamai.

$500 million (nearly 470 million euros) is considerably less than Noname Security’s market value back in December 2021, when it was estimated at $1 billion in a Series C investment round. And that’s just when the API security market looks set to grow 6.6 percent a year through 2030. This makes sense, as nowadays 80 percent of all Internet traffic goes through an API. APIs are very attractive targets for attackers, as Noname Security CMO Mike O’Malley told us earlier this year. But how do we explain the not too lucrative move toward an Akamai acquisition of this company?

A separate API security product doesn’t seem to be the solution

It’s a commonly stated fact that security is now deeply relevant across the entire organization. However, it is not always possible to say who exactly should manage APIs and how one can secure them. Security parties often argue that API security fits within a broader solution. For example, Cisco now offers API security, having acquired Portshift in 2020. So far, Noname has focused on multiple partnerships, such as with Intel, IBM, the three hyperscalers and many a security company. The only question is: who within the organization is the right person to manage a separate API product?

Those collaborations hook into Noname’s API Security Platform, but platformization of just APIs doesn’t seem to work. Because these interfaces count as the highways between different services, their security should realistically fall within a larger platform that connects the security dots from the get go. A separate API security product does not seem to be the path to success because it increases the likelihood of blind spots.

Why Akamai?

If the acquisition goes through, Noname Security’s offering would logically fall under that of Akamai API Security. This product is less than a year old and was made possible by the acquisition of Israeli Neosec, which, like Noname, focused on API security. According to Akamai, the company has already applied the lessons of XDR (extended detection & response) to APIs with its own API security solution. Thus, following the lead of other security applications, the Akamai offering would respond to detections by immediately acting automatically (which is the whole idea behind ‘detection & response’, no one will be surprised to learn).

Security has not been the key behind Akamai’s success to date, as the company has primarily focused on providing CDNs (content delivery networks) and related cloud services. Since its acquisition of Linode (€790 million) in 2022, the company has been referring to the “distributed cloud,” a term that can be interpreted rather broadly. With its own offerings, Akamai wants to make it possible for a single application to run anywhere, expressing similar ambitions to cloud giants AWS, Microsoft and Google Cloud. The intended comprehensiveness is ambitious, but fits with Akamai’s main goal: availability at all times.

That means it wants to ensure smooth network traffic that handles scaling and increasing API usage smoothly. Given the critical role APIs play for organizations’ network traffic, the move to API security is not too big a step for Akamai. With the proposed acquisition of Noname Security, Akamai’s offerings would be much more clearly focused on protecting network traffic in a general sense.

The question now is whether Noname competitor Salt Security will follow the same path. That party, too, was worth more than 1.2 billion euros in early 2022. If Salt too is acquired by a larger security party, it would no longer be surprising. After all, the future of API security seems to be within a broader platform.