Owner security

Astrix Security emerges from stealth to help organizations spot malicious third-party apps – TechCrunch

Astrix Security, an Israeli cybersecurity startup that provides access management for third-party app integrations, emerged from stealth with $15 million in funding.

The startup was co-founded in 2021 by CEO Alon Jackson and CTO Idan Gour, both former members of Israel’s notorious Unit 8200 intelligence division, to help organizations monitor and control the complex network of third-party apps connected to their critical systems.

The number of integrations used by organizations has increased dramatically over the past couple of years due to the widespread shift to remote working and, therefore, cloud-based environments. Astrix asserts that while enterprises are largely proficient in managing user access to critical systems, the majority fail to manage access to APIs, exposing them to a growing attack surface vulnerable to supply chain attacks, data dumping and compliance. offences. That’s why the startup has developed Astrix Security, a platform that offers companies complete management of the integration lifecycle.

“Current solutions provide a security score that helps you assess the security posture of the applications you want to adopt. Others, like NoName, look into API security, which focuses on the APIs you develop and want others to use,” said Jackson, who was head of R&D at Argus before founding Astrix at TechCrunch. “We review third-party integrations; it could be your CRM on Salesforce or your IP on GitHub. These are all systems you haven’t developed, but you have API access enabled for them.

Astrix Security provides organizations with an immediate inventory of all third-party connectivity to enterprise applications. It automatically detects malicious changes and anomalies within these low-code or no-code integrations and workflow configurations and provides real-time remediation.

This technology, Jackson claims, could have prevented organizations from falling victim to the CodeCov hack last year, which saw attackers breach the company’s software audit tool to gain access to hundreds of its customers’ networks. .

“What happened is exactly what we’re building for; the developer has just added a new third-party connection on top of their code repository in GitHub. He deleted it, but did not revoke access, which led to the sale of all their intellectual property on the dark web,” Jackson said.

Astrix Security is already in the hands of a number of global enterprise customers, spanning the technology, healthtech and automotive industries. Jackson said the startup plans to use its $15 million seed investment, led by Bessemer Venture Partners and F2 Capital, with participation from Venrock and more than 20 cybersecurity angel investors, to expand its current team of 20 people and strengthen its go-to-market efforts.