Astrix Security Named Winner of Global InfoSec Award at RSA 2022

Exciting news from RSA Conference 2022

Astrix Security, the industry’s first solution to secure app-to-app integrations, has won the coveted Global InfoSec Award for Third Party Cyber Risk Management from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine.

“Astrix embodies three major features we judges look for to become winners: understanding tomorrow’s threats, today, providing a cost-effective solution and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach,” said Gary S. Miliefsky, Publisher of Cyber Defense Magazine.

“This is a tremendous honor,” said Alon Jackson, Astrix CEO and co-founder. “Being recognized by CDM’s panel of top judges – who are leading information security experts from across the globe – signals that the industry acknowledges the pressing need to secure app-to-app connectivity, not just human-to-app connectivity.”

Astrix Security has emerged to solve a critical security gap for companies struggling with seismic shifts in the security landscape. The shift to remote or hybrid digital workforces, end-user software adoption, and low-code/no-code automation have all contributed to a tangled web of third-party applications connected to sensitive core systems. Meanwhile, existing security solutions focus solely on traditional user-to-app connectivity – not on the soaring app-to-app connectivity leading modern digital workforce transformation. 

In today’s hyper-interconnected workspace, employees can freely and independently integrate cloud services and APIs into core business applications (like Google Workspace, Office 365, Salesforce, Snowflake, and GitHub) – all in an effort to get their jobs done more quickly and efficiently. For example:

  • An engineering team lead using a new cloud-based dev productivity tool that relies on API access to your source code repositories.
  • A marketing operations manager trialing a new SaaS prospecting tool – and integrating it directly with your Salesforce instance to automatically sync leads. 

These connections bring daunting new security challenges and extend organizations’ attack surface.

“The recent attacks on GitHub, Okta, and Mailchimp show the devastating risks of under-monitored, over-provisioned third-party app integrations with a company’s most sensitive systems,” said Jackson. “Improperly secured app-to-app connections massively increase the likelihood of supply chain attacks, data breaches, and compliance violations.”

Astrix is the first solution purpose-built to secure app-to-app integrations. With agentless, one-click deployment, Astrix enables security teams to instantly see through the fog of connections, detect redundant, misconfigured and malicious third-party exposure to their critical systems – enabling their business to unleash the power of integrations and automation while seamlessly controlling security and compliance.

Learn more about how Astrix helps enterprises secure everything connected – not just everyone.


The Ultimate Guide to Securing App-to-App Integrations

How to discover and remediate over-privileged, unnecessary, and malicious integrations to your most critical systems.


Risk #3: Compliance violations
  • What it is: An act that compromises an organization’s ability to comply with relevant governmental, legal, or industry frameworks – for example, data privacy regulations (like GDPR) or security and governance (like SOC 2).
  • Recent example: Ticketmaster received a $1.6 million fine for GDPR violations after hackers exploited vulnerabilities in the code of a third-party chat app vendor on its checkout page, exposing customers’ personal and payment data.
  • Why third-party integrations increase the risk: Any third-party application involved in data processing is part of an enterprise’s regulatory purview – meaning that the organization is ultimately responsible (often financially and legally) for its handling of sensitive data.

Risk #2: Direct malicious access
  • What it is: Malicious actors seek direct access to core platforms by tricking users into providing consent (via OAuth permissions rather than explicit credential phishing) or by taking advantage of leaked API keys, certificates, webhook URLs, etc.
  • Recent example: Microsoft recently warned of a phishing attack in which Office 365 users received emails intended to trick them into granting OAuth permissions to a fake app.
  • Why third-party integrations increase the risk: With third-party applications increasingly integrated into core platforms, access tokens give malicious actors access to data and operations on an organization’s critical systems.

Risk #1: Supply chain attacks
  • What it is: A third-party app integrated to a trustworthy central platform may “leak” sensitive data into a less secure environment. Malicious actors abuse security vulnerabilities associated with a legitimate (but less secure) third-party application – and exploit its privileged access to sensitive information (like credentials or data).
  • Recent example: Hackers compromised the software development tool Codecov to gain access to – and rapidly copy and export to an attacker-controlled server – sensitive secrets, credentials and IP associated with software accounts at thousands of clients.
  • Why third-party integrations increase the risk: More and more third-party applications hold the “keys to the kingdom”: the most privileged credentials in the enterprise. Any third-party application that can be compromised opens up the possibility of unauthorized intrusion (and data extraction, ransoming, and more) by malicious actors.