Back

Astrix Security Achieves SOC 2 Type 2 Certification Five Months After Emerging from Stealth

The audit verifies that Astrix’s App-to-App Integration Security solution complies with the highest security principles

[Tel Aviv, Israel – July 28, 2022] – Astrix Security, the first solution securing app-to-app integrations, today announced that it has successfully completed a System and Organization Controls (SOC) 2 Type 2 compliance audit. Conducted by a Big Four audit firm, the compliance audit reviewed Astrix’s App-to-App Integration Security solution, which protects enterprises as they connect to third-party integrations across their XaaS critical systems, along with all security controls and practices, and found no deficiencies. 

A SOC 2 Type 2 certification verifies that the company’s information security practices and processes meet the trust principles criteria for security, availability, processing integrity, confidentiality, and privacy. In today’s cyber threat landscape, the audit also demonstrates a company’s compliance with critical security policies over an extended period of time. 

 

“We have always held ourselves to the highest standard of security, which is why we invested significant effort and resources into achieving this milestone, and we are proud to have done this so soon after our launch,” said Alon Jackson, CEO and Co-Founder of Astrix. “Receiving this certification demonstrates our ability to offer our customers the highest quality solutions to protect them from the sprawling new attack surface of app-to-app connectivity.” 

Astrix Security Achieves SOC2 Certification

Astrix launched from stealth in February 2022 with a $15 million seed round led by Bessemer Venture Partners and F2 Venture Capital, with participation from Venrock and numerous cybersecurity angel investors. Co-founded by CEO Alon Jackson and CTO Idan Gour, Astrix enables organizations to unleash the power of integration and automation by securing their critical systems as they continuously connect with third-party applications. The agentless, easy-to-deploy solution provides security teams with holistic visibility into all their app-to-app connections, and instantly detects and mitigates integration threats with automated remediation workflows, all while continuously minimizing third-party exposure with zero-trust policies and automated enforcement guardrails. 


“Successfully meeting the strenuous SOC 2 standards with zero exceptions listed is a momentous achievement for any company, let alone one that emerged from stealth just five months ago,” said Achiad Alter, VP Operations of Astrix. “Not only does it reflect Astrix’s top-notch solution, but it also recognizes our internal commitment to adhering to industry best practices from day one.”

About Astrix

Founded in Tel Aviv in 2021, Astrix Security protects cloud-first companies’ growing third-party app interconnectivity against the clear and imminent threat of service supply chain attacks. By leveraging their unique “attacker” point of view, Astrix ensures enterprises’ cloud services securely connect to their critical systems, enabling them to safely unleash the power of app-to-app integration and automation. The agentless, easy-to-deploy solution provides security teams with holistic visibility into all their app-to-app connections and instantly detects and mitigates integration threats with automated remediation workflows, while continuously minimizing third-party exposure with zero-trust policies and automated enforcement guardrails. Astrix’s rapidly expanding team is made up of subject matter experts and was founded by veterans of the Israel Defense Forces’ 8200 military intelligence unit CEO Alon Jackson and CTO Idan Gour. Astrix is backed by leading investors Bessemer Venture Partners, F2 Venture Capital, and Venrock.

Request a demo

See how Astrix can help you take
control of your third-party integrations.



This will close in 0 seconds

Contact us



This will close in 0 seconds

The Ultimate Guide to Securing App-to-App Integrations

How to discover and remediate over-privileged, unnecessary, and malicious integrations to your most critical systems.

This will close in 0 seconds

Risk #3: Compliance violations
  • What it is: An act that compromises an organization’s ability to comply with relevant governmental, legal, or industry frameworks – for example, data privacy regulations (like GDPR) or security and governance (like SOC 2).
  • Recent example: Ticketmaster received a $1.6 million fine for GDPR violations after hackers exploited vulnerabilities in the code of a third-party chat app vendor on its checkout page, exposing customers’ personal and payment data.
  • Why third-party integrations increase the risk: Any third-party application involved in data processing is part of an enterprise’s regulatory purview – meaning that the organization is ultimately responsible (often financially and legally) for its handling of sensitive data.
Risk #2: Direct malicious access
  • What it is: Malicious actors seek direct access to core platforms by tricking users into providing consent (via OAuth permissions rather than explicit credential phishing) or by taking advantage of leaked API keys, certificates, webhooks urls, etc.
  • Recent example: Microsoft recently warned of a phishing attack in which Office 365 users received emails intended to trick them into granting OAuth permissions to a fake app.
  • Why third-party integrations increase the risk: With third-party applications increasingly integrated to core platforms, access tokens enable malicious actors access to data and operations on organization critical systems.
Risk #1: Supply chain attacks
  • What it is: A third-party app integrated to a trustworthy central platform may “leak” sensitive data into a less secure environment. Malicious actors abuse security vulnerabilities associated with a legitimate (but less secure) third-party application – and exploit its privileged access to sensitive information (like credentials or data).
  • Recent example: Hackers compromised the software development tool Codecov to gain access to – and rapidly copy and export to an attacker-controlled server – sensitive secrets,credentials and IP associated with software accounts at thousands of clients.
  • Why third-party integrations increase the risk: More and more third-party applications hold the “keys to the kingdom”: the most privileged credentials in the enterprise. Any third party application that can be compromised opens up the possibility of unauthorized intrusion (and data extraction, ransoming, and more) by malicious actors.