Aflac chooses Noname for API cybersecurity

Every API is different, and Aflac, the supplemental health insurance company, realized its strategy for digital transformation would be built mostly on APIs.

This sent the carrier looking to protect its APIs against cybersecurity issues such as direct attacks and data tampering, according to Karl Mattson, chief information security officer at Noname Security, an API security company. Noname announced a partnership with Aflac on October 25 to provide its API discovery and runtime protection services, along with automated AI and machine learning detection.

Aflac will be able to conduct real-time analysis of its online traffic, and get insights and protection about its cybersecurity risks using Noname's technology.

"Machine learning comes in because we need to understand the API and establish a baseline of behavior," said Mattson. "From those baseline behaviors, we establish thresholds for anomalies or use. When we exceed those thresholds, then we know we have a misuse in progress."

Since every API is different, however, every threshold is also different, he observed. "It's unlike most cybersecurity areas where you can log4j [the framework for logging problems in software execution or automation] or Windows Patch Tuesday, where we're all susceptible to the same risk," he said.

Noname also considers the context of where an API is on a network, whether it is supposed to be public-facing or not, according to Mattson. Aflac has a global estate of APIs.

"Noname Security is a visionary company, fundamentally reshaping how companies approach API security," said DJ Goldsworthy, VP, Security Operations & Threat Management at Aflac, in a statement. "They are continuing to innovate and solve new security challenges at a remarkable pace. They continually deliver because they listen to their customers and are invested in their success."