Blog
The latest on non-human identity risks, best practices, research insights, Astrix platform updates and more
Featured
OAuth attack against Microsoft by Midnight Blizzard
January 28, 2024
Midnight Blizzard, the Russian state-sponsored actors, were abusing OAuth applications as part of their attack against Microsoft’s corporate environment. Learn about the attack flow and get the recommended remediation steps.
Read more
Story 1: Removing super-admin tokens across 33 GitHub tenants in 2 hours
April 22, 2024
Join Astrix customers as they lead the non-human identity security frontier in this series “The Astrix stories: Real customer wins”. From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours – these real stories will help you understand what an NHI security strategy […]
Read more
What are non-human identities?
March 19, 2024
Non-human identities (NHI) are digital, automated and programmable access credentials that play a crucial role in securing systems, managing access, and ensuring the integrity of digital environments. NHIs come in the form of API keys, OAuth tokens, service accounts, and secrets, and are created daily by employees as they delegate access to external entities to automate tasks and increase business efficiency. Unlike human access, or user access, that are rigorously protected with Identity Access Management (IAM) policies and tools like multi-factor authentication (MFA) and single sign-on (SSO), NHI’s are more difficult to secure due to lack of visibility, monitoring, and governance.
Read more
How attackers exploit non-human identities: Workshop recap
March 11, 2024
In the workshop we demonstrated a full attack path exploiting non-human identities, starting with initial access to AWS through an exposed secret in a public GitHub repo. We then continued to privilege escalation through a service account, gained access to source code, and managed to steal customer details and perform a supply chain attack.
Read more
Astrix integrates with Slack
February 22, 2024
Astrix is now available on the Slack App Directory and enables enterprises to secure non-human identities in Slack environments leveraging AI detection capabilities. In addition, Astrix offers deeper integration with Slack, which enables customers to accelerate and streamline the remediation of non-human identity threats across additional core environments like Azure AD, Salesforce, AWS, Github, GCP, […]
Read more
Part 3: The anatomy of supply chain attacks: Non-human identities & TPRM failure
February 7, 2024
“Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be […]
Read more
Breach analysis: Cloudflare falls victim to Okta attack
February 5, 2024
In a not-so-surprising turn of events, one of the victims in Okta’s supply chain attack reveals further exploits. Cloudflare recently reported that their entire Atlassian suite – Bitbucket, Jira and Confluence were breached back in November by the same threat actor that breached Okta’s support systems. In this article we will cover what happened in […]
Read more
Part 2: How attackers exploit OAuth: A deep dive
January 25, 2024
“Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be […]
Read more
Part 1: Non-human identity security – The complete technical guide
January 9, 2024
“Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be […]
Read more
Top 5 non-human identity attacks of 2023
January 2, 2024
2024 is here, and before we delve into new year resolutions and looking to the future, we wanted to take a moment and look back at some of the most high profile non-human identity attacks in 2023, rank the top 5, and see what we can learn from them. For that, our research team set […]
Read more
Practical ways to combat Generative-AI security risks
December 7, 2023
As many have come to realize in the cyber world, all that glitters is not gold. Generative AI, and its ability to automate work processes and boost productivity, is increasingly being used across all business environments. While it’s easy to get wrapped up in the excitement of these tools, like Otter.ai being able to recap […]
Read more
Astrix partners with Google Cloud
December 4, 2023
Astrix is excited to announce our partnership with Google Cloud. This collaboration is all about providing protection for Google Workspace and Google Cloud services, tackling non-human access and minimizing risks like supply chain attacks, data breaches, and compliance violations. With Astrix, organizations using Google services can now benefit from deep visibility and protection for all […]
Read more
Not just code vulnerabilities: The overlooked cause of software supply chain attacks
November 15, 2023
According to Gartner: “Software supply chain attacks have added a new dimension to software security problems because the software delivery pipelines and the tools used to build and deploy software are the new attack vectors.” While the software supply chain has been a huge catalyst for vulnerabilities, and consequently attacks, there is a new type […]
Read more
Astrix wins 2023 CISO Choice Awards in Cloud Security Solution category
November 13, 2023
We are thrilled to announce that Astrix Security has been recognized as the winner of the 2023 CISO Choice Awards in the Cloud Security Solution category. “I would like to congratulate Astrix Security for winning the 2023 CISO Choice Awards Cloud Security Solution Category. The field was exceptionally competitive this year, and our esteemed CISO […]
Read more
Sumo Logic: Compromised non-human access leads to potential supply-chain exploits
November 9, 2023
On Friday, November 3rd, Sumo Logic discovered that a compromised credential was used to access Sumo Logic’s AWS account. Since then, Sumo Logic rotated the exposed AWS credentials and locked down potentially affected infrastructure, and reported they didn’t detect access to customer’s data. Nonetheless, Sumo Logic still suggested that customers rotate all Sumo Logic API […]
Read more
The White House mentions Astrix as one of innovators for AI security Executive Order
November 6, 2023
Astrix Security Joins President Biden’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence In a significant step toward shaping the future of AI technology, the Biden Administration issued an Executive Order aimed at maximizing the potential of AI while managing its risks. The order is supported by members of Congress, labor unions and AI […]
Read more
13 non-human identity attacks in 16 months
February 6, 2024
A new generation of supply chain attacks has been rising in recent years. In such attacks, hackers abuse third-party & internal non-human identities as a means of accessing core business systems. While many conversations about supply chain security risks focus on vulnerabilities in software application components themselves, or in their human-to-app connections, they overlook a […]
Read more
The Okta breach: The results of a leaked service account
November 6, 2023
Two weeks ago Okta reported that attackers managed to steal credentials and access Okta’s support case management system. This allowed the attackers to view files uploaded by some Okta customers as part of recent support cases. Some of the affected customers are Cloudflare and BeyondTrust, which have since released their own reports about the effects […]
Read more
Securing non-human identities in Slack
There are more than 2,400 apps in the Slack app directory, and many more from other, non-verified marketplaces that can be integrated via OAuth tokens and Webhooks. In fact, only about 10% of connections to Slack come from the official app directory, meaning that many organizations are using numerous third-party app connections with zero vetting, […]
Read more
Securing non-human identities in Microsoft 365 & Azure AD
To streamline workflows and maximize its functionality, Microsoft 365 & Azure Active Directory (AAD) can be connected to thousands of apps and services, as well as a large number of non-marketplace apps that can be connected via webhooks, OAuth tokens, API keys and workflow automation platforms. Each and every connection made between Microsoft 365 and […]
Read more
Securing non-human identities in Salesforce
Salesforce environments across the world are connected to 11,225,724 AppExchange services, as well as countless other non-exchange services that can be integrated into Salesforce environments via API keys, OAuth tokens, service accounts and more. All these non-human connections accessing sensitive Salesforce environments significantly expand the attack surface, exposing companies to supply chain attacks, data breaches […]
Read more
Securing non-human identities in Google Workspace
Google Workspace is a core productivity engine for many businesses. As such, employees are increasingly connecting third-party applications into their Google Email, Calendar, Docs, Drive and more in a bid to increase productivity. These connections are also created when users sign in to third-party apps using the Google Single Sign-On feature. Many of these third-party […]
Read more
Astrix Security Takes Home Three Coveted Global InfoSec Awards
Company Also Recognized as Innovation Sandbox Finalist at RSA Conference 2023 [New York, April 25, 2023] – Astrix Security, the enterprise’s trusted solution for securing non-human connections and identities, has been awarded three Global InfoSec Awards by Cyber Defense Magazine (CDM): “As we’ve seen the countless supply chain attack headlines – from GitHub to Slack […]
Read more
Astrix Discovers 0-Day Vulnerability in Google Cloud Platform
The vulnerability, dubbed “GhostToken”, allows attackers to gain permanent and unremovable access to a victim’s Google account by converting an already authorized third-party application into a malicious trojan app, leaving the victim’s personal data exposed forever. This may include data stored on victim’s Google apps, such as Gmail, Drive, Docs, Photos, and Calendar, or Google Cloud Platform’s services (BigQuery, Google Compute, etc.).
Read more
Forbes – Shadow Connections: How They’re Impacting Your Production Environment And Software Supply Chain Security
June 13, 2023
Astrix CEO & Co-Founder Alon Jackson’s latest article for Forbes emphasizes the risks posed by unmonitored third-party app-to-app connections in corporate environments. With the increasing use of interconnected applications, security teams often overlook these shadow connections, leaving potential vulnerabilities in the software supply chain.
Read more
Security Magazine – Non-human identities: Secure them now, not later
June 13, 2023
Astrix CTO & Co-Founder Idan Gour shares his insights with Security Magazine about identity-related attacks being on the rise, with credential misuse becoming a prominent attack vector.
Recent high-profile incidents have highlighted the exploitation of insecure non-human identities, such as API keys and OAuth tokens, to breach organizational systems, steal sensitive data, and cause disruptions.
Read more
Key takeaways about GenAI risks from Gartner reports
As the buzz around GenAI security continues to grow, research reports around the burning subject continue to arise. In this article we will share key takeaways from two recent Gartner reports about GenAI related threats, why Astrix was mentioned in them, and the way we see them representing the new security landscape surrounding GenAI. In […]
Read more
Looking Back at Our Journey in the 2023 RSA Innovation Sandbox Contest
With Q4 around the corner, a reflection on the year so far highlights a standout moment for us at Astrix Security – our achievement as a top 10 finalist in the esteemed RSA Innovation Sandbox contest. The RSA Innovation Sandbox contest isn’t your run-of-the-mill event. It’s a meeting ground for cybersecurity leaders, investors, and tech […]
Read more
Astrix Security was mentioned in a 2023 Gartner® report as a Representative Vendor for SSPM
In the recent Gartner report titled Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud? Astrix Security is mentioned as a Representative Vendor in the SaaS Security Posture management (SSPM) market. In this short article we will cover key points from the Gartner report, and cover how the Astrix […]
Read more
Astrix Security mentioned in a 2023 Gartner® report under Secure Access to Machine and Environments tool
In a recent Gartner report titled How to Select DevSecOps Tools for Secure Software Delivery, Astrix Security is mentioned as one of the vendors that addresses the need to secure access to machines and environments in the DevOps pipeline. In this short article we will cover key points from the report, and explain how Astrix […]
Read more
Astrix Security Raises $25M in Series A Funding
The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services Your browser does not support the video tag. [New York, June 28, 2023] – Astrix Security, the enterprise’s trusted solution for securing non-human identities, has secured $25 million in Series A funding […]
Read more
Astrix Security is mentioned in two 2023 Gartner® reports
Astrix Security is proud to announce it was mentioned as a representative vendor in a recent Gartner report Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud?, and as a tool that addresses the need to secure access to machines and environments in the DevOps pipeline in Gartner’s report […]
Read more
GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts
The Astrix Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) which affects all Google users. Our new research blog covers this vulnerability in detail. In it, we deep dive into everything from how it works to what makes it so severe and how it was eventually mitigated.
Read more