Blog

The latest on app-to-app security, non-human identities risks, Astrix’s platform updates and more 

Securing non-human identities in Google Workspace

Google Workspace is a core productivity engine for many businesses. As such, employees are increasingly connecting third-party applications into their Google Email, Calendar, Docs, Drive and more in a bid to increase productivity. These connections are also created when users sign in to third-party apps using the Google Single Sign-On feature. Many of these third-party […]

Securing non-human identities in Slack

There are more than 2,400 apps in the Slack app directory, and many more from other, non-verified marketplaces that can be integrated via OAuth tokens and Webhooks. In fact, only about 10% of connections to Slack come from the official app directory, meaning that many organizations are using numerous third-party app connections with zero vetting, […]

Securing non-human identities in Microsoft 365 & Azure AD

To streamline workflows and maximize its functionality, Microsoft 365 & Azure Active Directory (AAD) can be connected to thousands of apps and services, as well as a large number of non-marketplace apps that can be connected via webhooks, OAuth tokens, API keys and workflow automation platforms. Each and every connection made between Microsoft 365 and […]

Securing non-human identities in Salesforce

Salesforce environments across the world are connected to 11,225,724 AppExchange services, as well as countless other non-exchange services that can be integrated into Salesforce environments via API keys, OAuth tokens, service accounts and more. All these non-human connections accessing sensitive Salesforce environments significantly expand the attack surface, exposing companies to supply chain attacks, data breaches […]

Astrix Security Takes Home Three Coveted Global InfoSec Awards

Dana Katz
Company Also Recognized as Innovation Sandbox Finalist at RSA Conference 2023 [New York, April 25, 2023] – Astrix Security, the enterprise’s trusted solution for securing non-human connections and identities, has been awarded three Global InfoSec Awards by Cyber Defense Magazine (CDM): “As we’ve seen the countless supply chain attack headlines – from GitHub to Slack […]

Astrix Discovers 0-Day Vulnerability in Google Cloud Platform

Dana Katz
The vulnerability, dubbed “GhostToken”, allows attackers to gain permanent and unremovable access to a victim’s Google account by converting an already authorized third-party application into a malicious trojan app, leaving the victim’s personal data exposed forever. This may include data stored on victim’s Google apps, such as Gmail, Drive, Docs, Photos, and Calendar, or Google Cloud Platform’s services (BigQuery, Google Compute, etc.).

Forbes – Shadow Connections: How They’re Impacting Your Production Environment And Software Supply Chain Security

Danielle Guetta
June 13, 2023
Astrix CEO & Co-Founder Alon Jackson’s latest article for Forbes emphasizes the risks posed by unmonitored third-party app-to-app connections in corporate environments. With the increasing use of interconnected applications, security teams often overlook these shadow connections, leaving potential vulnerabilities in the software supply chain.

Security Magazine – Non-human identities: Secure them now, not later

Danielle Guetta
June 13, 2023
Astrix CTO & Co-Founder Idan Gour shares his insights with Security Magazine about identity-related attacks being on the rise, with credential misuse becoming a prominent attack vector. Recent high-profile incidents have highlighted the exploitation of insecure non-human identities, such as API keys and OAuth tokens, to breach organizational systems, steal sensitive data, and cause disruptions.

Looking Back at Our Journey in the 2023 RSA Innovation Sandbox Contest

Danielle Guetta
With Q4 around the corner, a reflection on the year so far highlights a standout moment for us at Astrix Security – our achievement as a top 10 finalist in the esteemed RSA Innovation Sandbox contest. The RSA Innovation Sandbox contest isn’t your run-of-the-mill event. It’s a meeting ground for cybersecurity leaders, investors, and tech […]

Astrix Security was mentioned in a 2023 Gartner® report as a Representative Vendor for SSPM

Danielle Guetta
In the recent Gartner report titled Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud? Astrix Security is mentioned as a Representative Vendor in the SaaS Security Posture Management (SSPM) market. In this short article we will cover key points from the Gartner report, and cover how the Astrix […]

Astrix Security mentioned in a 2023 Gartner® report under Secure Access to Machine and Environments tool

Danielle Guetta
In a recent Gartner report titled How to Select DevSecOps Tools for Secure Software Delivery, Astrix Security is mentioned as one of the vendors that addresses the need to secure access to machines and environments in the DevOps pipeline. In this short article we will cover key points from the report, and explain how Astrix […]

Astrix Security Raises $25M in Series A Funding

The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services. [New York, June 28, 2023] – Astrix Security, the enterprise’s trusted solution for securing non-human identities, has secured $25 million in Series A funding […]

Astrix Security is mentioned in two 2023 Gartner® reports

Danielle Guetta
Astrix Security is proud to announce it was mentioned as a representative vendor in a recent Gartner report Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud?, and as a tool that addresses the need to secure access to machines and environments in the DevOps pipeline in Gartner’s report […]

Security Boulevard – Supply Chain Dependency: What Your GitHub Connections May Trigger

Dana Katz
March 6, 2023
Astrix CEO on why the recent CircleCI and Slack breaches should be a clear call-to-action for security leaders to start securing non-human access to their GitHub.

7 OAuth attacks in 10 months: The new generation of supply chain attacks

Dana Katz
January 10, 2023
After recent attacks, businesses are finally taking supply chain attacks seriously. Learn how to prevent the next generation of supply chain attacks.

GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts

Tal Skverer
The Astrix Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) which affects all Google users. Our new research blog covers this vulnerability in detail. In it, we deep dive into everything from how it works to what makes it so severe and how it was eventually mitigated.

Astrix Security Named a Finalist for RSA Conference 2023 Innovation Sandbox

Company’s App-to-App Security Solution Recognized in Cyber Industry’s Most Prestigious Startup Competition

The CircleCI breach: The results of a stolen access token

Idan Gour
January 16, 2023
CircleCI has confirmed that customers’ secrets and encryption keys were stolen. Learn more about the breach, its implications for third-party integrations, and how to minimize the risks of similar breaches.

Slack’s GitHub breach: 6 tips to avoid similar attacks

Dana Katz
January 11, 2023
The Slack attack proves that organizations must protect API keys as vigorously as they protect passwords. Here are 6 tips to help you avoid similar attacks.

CircleCI Security Alert – Are You at Risk?

Idan Gour
January 5, 2023
After recent attacks, businesses are finally taking supply chain attacks seriously. Learn how to prevent the next generation of supply chain attacks.

How to Close the Service Account Security Gap in GCP and Snowflake

Dalit Cohen
January 3, 2023
There’s a big security gap in data warehouses with 1000s of service accounts connecting them to other cloud services. See how to reduce this attack surface.

2022 Recap: 6 Surprising Third-Party Connectivity Stats 

Dalit Cohen
January 3, 2023
From 1000s of tokens with access to core systems to 100s of unused tokens, here are our top six findings about app-to-app connectivity & security in 2022

Insecure third-party connections to your GitHub may trigger a supply chain attack

Unmonitored GitHub connections create a new ecosystem of supply chain dependencies that expand your attack surface and expose your organization to attacks.

Dark Reading – The Next Generation of Supply Chain Attacks is Here to Stay

Dana Katz
November 18, 2022
Astrix Security Co-Founder & CEO, Alon Jackson, has published his latest article for Dark Reading on why the new generation of supply chain attacks is here to stay.

Astrix Security Wins 2022 Cybersecurity Breakthrough Award for Cloud Security

Dana Katz
October 6, 2022
Astrix claims the title of “PaaS Security Solution of the Year” in the sixth annual Cybersecurity Breakthrough Awards program by CyberSecurity Breakthrough, a leading independent market intelligence organization.

20 Minute Leaders: Leadership & the Future of App-to-App Security

Dana Katz
November 10, 2022
Astrix Security Co-Founder & CEO, Alon Jackson, recently caught up with Michael Matias of 20 Minute Leaders to discuss everything from the founding of Astrix Security, his background & leadership, to the need for app-to-app security.

DevOps Paradox: Security Concerns in Low-Code and No-Code Applications

Dana Katz
September 5, 2022
Alon Jackson caught up with DevOps Paradox to discuss how trends like PLG and low-code and no-code increase third-party exposure to organizations’ most critical systems.

DrZeroTrust: Securing App-to-App Connectivity and Low or No Code Apps

Dana Katz
September 5, 2022
Listen to Alon Jackson on DrZeroTrust where he discusses securing third-party integrations, how organizations should address common risks, and the new generation of supply chain security attacks.

VentureBeat – Third-party app attacks: Lessons for the next cybersecurity frontier

Alon Jackson
August 22, 2022
Read Alon Jackson’s latest VentureBeat article where he discusses the rise of third-party app integrations & the challenges this creates for security teams.

Astrix on a CISO Series Episode: Hacking Third-Party Integrations

Dana Katz
July 15, 2022
Join Astrix Co-Founder & CEO, Alon Jackson, Dan Walsh, the CISO of VillageMD, and David Spark, host of CISO Series, for an hour of critical thinking about securing app-to-app integrations.

[New eBook] The Ultimate Guide to Securing App-to-App Integrations

Idan Gour
August 16, 2022
This eBook will help you understand the exact risks involved in app-to-app connectivity & best practices to minimize your attack surface.

Astrix Security Achieves SOC 2 Type 2 Certification Five Months After Emerging from Stealth

Dana Katz
July 28, 2022
Completed only five months after emerging from stealth, the audit verifies that Astrix’s App-to-App Integration Security solution complies with the highest security principles.

GitHub Apps Bug Created Significant 3rd-Party Risk: How You Can Stay Protected

Amit Levin
June 20, 2022
A recently disclosed bug in GitHub Apps could have been abused to grant excessive permissions to malicious third-party applications.

Securing everything connected. Not just everyone.

Astrix is the first integration access management solution – helping organizations unleash the power of automation and app integrations.

Astrix Security Named Winner of Global InfoSec Award at RSA 2022

By Dana Katz
June 6, 2022
Astrix wins Editor’s Choice Award in 10th Annual Global InfoSec Awards during the RSA Conference

5 cloud-app connectivity trends for 2022

Alon Jackson
February 8, 2022
Five key cloud adoption trends will shape the digital workforce – and the cybersecurity landscape – over the coming year.

The promise and peril of third-party integrations

Idan Gour
February 16, 2022
The explosion of third-party app integrations has unlocked productivity – and introduced dangerous new cybersecurity risks that enterprises need to contain.

TechCrunch – Astrix Security emerges from stealth to help organizations spot rogue third-party apps.

By Carly Page
February 23, 2022
Astrix Security, an Israeli cybersecurity startup that provides access management for third-party app integrations, has emerged from stealth with $15 million in funding.

PLG and security leaders: going with the flow

By Alon Jackson
April 20, 2022
Product-led growth strategy (PLG) and the barrage of 3rd-party cloud apps it has unleashed are here to stay. Security leaders need strategies to work with, not against, this shift in enterprise tech.

VentureBeat – Astrix emerges from stealth with 15M$ funding to secure 3rd-party app integrations

By Tim Keary
February 23, 2022
Today, Enterprise app security startup Astrix Security emerged from stealth with a $15 million seed funding round led by Bessemer Venture Partners with an app integration access management solution designed to protect enterprises’ third-party apps.