Blog

The latest on non-human identity risks, best practices, research insights, Astrix platform updates and more 

Story 3: Catching the Red-Team Red-Handed

Alex Flores, Danielle Guetta
July 2, 2024
Join Astrix customers as they lead the non-human identity security frontier in this series “The Astrix stories: Real customer wins”. From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours – these real stories will help you understand what an NHI security strategy […]

How generative AI impacts non-human identity security?

Astrix Security
The popularity of Generative AI apps such as ChatGPT, Gemini, GPT4, Adobe, and many more is undeniably changing how organizations operate. While these AI-powered apps offer exceptional capabilities to automate tasks and boost productivity, they also pose significant threats and expand an organization’s attack surface through various threat vectors – a major one of them […]

From Radio Shack to the Fortune 500 And now Astrix : My Cybersecurity Journey

Tim Youngblood
June 26, 2024
I started my career in technology at the age of 10 years old. I was a self-taught hacker who didn’t even own a computer. I read computer magazines and then played on computers at the local electronics store, Radio Shack. I’m lucky because I always knew I would be in technology. Hacking was a way […]

What is Identity Threat Detection And Response (ITDR)

Astrix Security
June 16, 2024
Identity Threat Detection and Response (ITDR) is a framework that focuses on protecting your organization from being compromised by threat actors exploiting your organization’s identities. Practically, ITDR solutions include system policies, best practices, and effective tools to monitor, detect, and respond to identity-based threats in real-time across an organization’s environments. Some other known identity threat […]

NHI attacks making waves: Insights on latest 5 incidents

Tal Skverer, Danielle Guetta
June 14, 2024
Non-human identity (NHI) attacks are making waves in the cybersecurity landscape, with five high-profile incidents reported in the past few weeks alone. To help you stay on top of this threat vector, our research team provides insights on the latest incidents in this short article. Let’s get started. Incident 1: Snowflake data breach by UNC5537 […]

Top 4 use cases of non-human identity security: Live event recap

Astrix Security
June 13, 2024
Last week we held an insightful live event featuring our solutions engineer, Michael Silva, and our CISO in Residence, Tim Youngblood. The event focused on the top four non-human identity (NHI) use cases that are crucial for security teams. Here’s a recap of the key points discussed during the session, as well as the recording […]

Securing non-human identities in AWS environments (and beyond)

Danielle Guetta
May 28, 2024
Non-human identities (NHIs) such as IAM users, roles, service accounts, external keys, and secrets are crucial for accessing resources within AWS environments. However, managing and securing these identities presents unique challenges. In this article, we will cover how Astrix helps you with the toughest questions of identity security: what permissions NHIs have, to which resources, […]

Bridging the NHI security gap: Astrix and Torq partner up

Astrix Security
May 22, 2024
While zero-trust policies and identity-centric programs excel at protecting user identities and login credentials with IAM policies and security tools like MFA or IP restrictions, non-human identities (NHIs) like API keys, OAuth apps, service accounts, and secrets often lack visibility, monitoring, and governance. This gap has not gone unnoticed by attackers.

What are Service Accounts, and why are they important to secure?

Astrix Security
What are service accounts? Service Accounts are Non-Human Identity accounts used by machines or apps to communicate with one another within a system, unlike user or human accounts. Service Accounts, using machine credentials, provide privileged identities and permissions for applications, scripts, services, or virtual machines to perform tasks or access resources. This allows different systems […]

What are Machine Credentials, And Why Are They Important to Secure in Your Organization?

Astrix Security
What are Machine Credentials? Machine Credentials are a collective noun for Non-human Identities that operate as digital access keys used by systems. They are used to authenticate and communicate securely with other applications or services in the organization’s environment. By verifying a machine’s unique identity, machine credentials allow safe, agreed-upon interaction. Machine credentials come in […]

What are OAuth Tokens, and why are they important to Secure?

Astrix Security
What are OAuth Tokens?  OAuth (Open Authorization) Tokens are Non-Human Identities that work as a secure authentication mechanism. They delegate access to third parties or external apps without exposing your environment’s sensitive credentials.  Organizations that rely on third-party applications and service integrations in their environments commonly use OAuth tokens. There are different kinds of OAuth […]

Astrix Security named a Cool Vendor in the 2023 Gartner Cool Vendors in Identity-First Security

Astrix
Company’s App-to-App Security Solution Recognized in Cyber Industry’s Most Prestigious Startup Competition

Story 2: Reducing new risk by 97% – The automation of security awareness

Alex Flores, Danielle Guetta
May 7, 2024
Join Astrix customers as they lead the non-human identity security frontier in this series “The Astrix stories: Real customer wins”. From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours – these real stories will help you understand what an NHI security strategy […]

Story 1: Removing super-admin tokens across 33 GitHub tenants in 2 hours

Alex Flores, Danielle Guetta
April 22, 2024
Join Astrix customers as they lead the non-human identity security frontier in this series “The Astrix stories: Real customer wins”. From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours – these real stories will help you understand what an NHI security strategy […]

Astrix takes home three 2024 Global InfoSec Awards

Astrix Security
May 6, 2024
Astrix Security, the enterprise’s trusted solution for securing non-human identities, has earned three awards from Cyber Defense Magazine (CDM): “While 49% of breaches involve stolen credentials, 90% of credentials are not protected by existing IAM solutions. Service accounts, API keys, OAuth apps, and other non-human identities hold privileged access to enterprise environments and stay under […]

What are non-human identities?

Astrix Security
March 19, 2024
Non-human identities (NHIs) are digital, automated and programmable access credentials that play a crucial role in securing systems, managing access, and ensuring the integrity of digital environments. NHIs come in the form of API keys, OAuth tokens, service accounts, and secrets, and are created daily by employees as they delegate access to external entities to automate tasks and increase business efficiency. Unlike human access, or user access, which is rigorously protected with Identity Access Management (IAM) policies and tools like multi-factor authentication (MFA) and single sign-on (SSO), NHIs are more difficult to secure due to a lack of visibility, monitoring, and governance.

How attackers exploit non-human identities: Workshop recap

Tal Skverer, Danielle Guetta
March 11, 2024
In the workshop we demonstrated a full attack path exploiting non-human identities, starting with initial access to AWS through an exposed secret in a public GitHub repo. We then continued to privilege escalation through a service account, gained access to source code, and managed to steal customer details and perform a supply chain attack. 

Astrix integrates with Slack

Danielle Guetta
February 22, 2024
Astrix is now available on the Slack App Directory and enables enterprises to secure non-human identities in Slack environments leveraging AI detection capabilities. In addition, Astrix offers deeper integration with Slack, which enables customers to accelerate and streamline the remediation of non-human identity threats across additional core environments like Azure AD, Salesforce, AWS, Github, GCP, […]

Part 3: The anatomy of supply chain attacks: Non-human identities & TPRM failure

Alex Flores, Danielle Guetta, Tal Skverer
February 7, 2024
“Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be […]

Breach analysis: Cloudflare falls victim to Okta attack

Tal Skverer, Danielle Guetta
February 5, 2024
In a not-so-surprising turn of events, one of the victims in Okta’s supply chain attack reveals further exploits. Cloudflare recently reported that their entire Atlassian suite – Bitbucket, Jira and Confluence were breached back in November by the same threat actor that breached Okta’s support systems.  In this article we will cover what happened in […]

Part 2: How attackers exploit OAuth: A deep dive

Michael Silva, Danielle Guetta, Tal Skverer
January 25, 2024
“Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be […]

Part 1: Non-human identity security – The complete technical guide

Michael Silva, Danielle Guetta, Tal Skverer
January 9, 2024
“Identity is the new perimeter.” This catch phrase is present in almost every website of identity security vendors, and for a good reason. Human access, more commonly referred to as user access, is an established security program in most organizations – big or small. The realization that user identities and login credentials need to be […]

Top 5 non-human identity attacks of 2023

Tal Skverer & Danielle Guetta
January 2, 2024
2024 is here, and before we delve into new year resolutions and looking to the future, we wanted to take a moment and look back at some of the most high profile non-human identity attacks in 2023, rank the top 5, and see what we can learn from them. For that, our research team set […]

Practical ways to combat Generative-AI security risks

Idan Gour
December 7, 2023
As many have come to realize in the cyber world, all that glitters is not gold. Generative AI, and its ability to automate work processes and boost productivity, is increasingly being used across all business environments. While it’s easy to get wrapped up in the excitement of these tools, like Otter.ai being able to recap […]

Astrix partners with Google Cloud

Danielle Guetta
December 4, 2023
Astrix is excited to announce our partnership with Google Cloud. This collaboration is all about providing protection for Google Workspace and Google Cloud services, tackling non-human access and minimizing risks like supply chain attacks, data breaches, and compliance violations. With Astrix, organizations using Google services can now benefit from deep visibility and protection for all […]

Not just code vulnerabilities: The overlooked cause of software supply chain attacks

Danielle Guetta
November 15, 2023
According to Gartner: “Software supply chain attacks have added a new dimension to software security problems because the software delivery pipelines and the tools used to build and deploy software are the new attack vectors.”  While the software supply chain has been a huge catalyst for vulnerabilities, and consequently attacks, there is a new type […]

Astrix wins 2023 CISO Choice Awards in Cloud Security Solution category

Danielle Guetta
November 13, 2023
We are thrilled to announce that Astrix Security has been recognized as the winner of the 2023 CISO Choice Awards in the Cloud Security Solution category. “I would like to congratulate Astrix Security for winning the 2023 CISO Choice Awards Cloud Security Solution Category. The field was exceptionally competitive this year, and our esteemed CISO […]

Sumo Logic: Compromised non-human access leads to potential supply-chain exploits

Tal Skverer
November 9, 2023
On Friday, November 3rd, Sumo Logic discovered that a compromised credential was used to access Sumo Logic’s AWS account. Since then, Sumo Logic rotated the exposed AWS credentials and locked down potentially affected infrastructure, and reported they didn’t detect access to customer’s data.  Nonetheless, Sumo Logic still suggested that customers rotate all Sumo Logic API […]

The White House mentions Astrix as one of innovators for AI security Executive Order

Danielle Guetta
November 6, 2023
Astrix Security Joins President Biden’s Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence In a significant step toward shaping the future of AI technology, the Biden Administration issued an Executive Order aimed at maximizing the potential of AI while managing its risks. The order is supported by members of Congress, labor unions and AI […]

13 non-human identity attacks in 16 months

Dana Katz
May 19, 2024
A new generation of supply chain attacks has been rising in recent years. In such attacks, hackers abuse third-party & internal non-human identities as a means of accessing core business systems. While many conversations about supply chain security risks focus on vulnerabilities in software application components themselves, or in their human-to-app connections, they overlook a […]

The Okta breach: The results of a leaked service account

Tal Skverer
November 6, 2023
Two weeks ago Okta reported that attackers managed to steal credentials and access Okta’s support case management system. This allowed the attackers to view files uploaded by some Okta customers as part of recent support cases. Some of the affected customers are Cloudflare and BeyondTrust, which have since released their own reports about the effects […]

Securing non-human identities in Slack

There are more than 2,400 apps in the Slack app directory, and many more from other, non-verified marketplaces that can be integrated via OAuth tokens and Webhooks. In fact, only about 10% of connections to Slack come from the official app directory, meaning that many organizations are using numerous third-party app connections with zero vetting, […]

Securing non-human identities in Microsoft 365 & Azure AD

To streamline workflows and maximize its functionality, Microsoft 365 & Azure Active Directory (AAD) can be connected to thousands of apps and services, as well as a large number of non-marketplace apps that can be connected via webhooks, OAuth tokens, API keys and workflow automation platforms. Each and every connection made between Microsoft 365 and […]

Securing non-human identities in Salesforce

Salesforce environments across the world are connected to 11,225,724 AppExchange services, as well as countless other non-exchange services that can be integrated into Salesforce environments via API keys, OAuth tokens, service accounts and more. All these non-human connections accessing sensitive Salesforce environments significantly expand the attack surface, exposing companies to supply chain attacks, data breaches […]

Securing non-human identities in Google Workspace

Google Workspace is a core productivity engine for many businesses. As such, employees are increasingly connecting third-party applications into their Google Email, Calendar, Docs, Drive and more in a bid to increase productivity. These connections are also created when users sign in to third-party apps using the Google Single Sign-On feature. Many of these third-party […]

Astrix Security Takes Home Three Coveted Global InfoSec Awards

Dana Katz
Company Also Recognized as Innovation Sandbox Finalist at RSA Conference 2023 [New York, April 25, 2023] – Astrix Security, the enterprise’s trusted solution for securing non-human connections and identities, has been awarded three Global InfoSec Awards by Cyber Defense Magazine (CDM): “As we’ve seen the countless supply chain attack headlines – from GitHub to Slack […]

Astrix Discovers 0-Day Vulnerability in Google Cloud Platform

Dana Katz
The vulnerability, dubbed “GhostToken”, allows attackers to gain permanent and unremovable access to a victim’s Google account by converting an already authorized third-party application into a malicious trojan app, leaving the victim’s personal data exposed forever. This may include data stored on victim’s Google apps, such as Gmail, Drive, Docs, Photos, and Calendar, or Google Cloud Platform’s services (BigQuery, Google Compute, etc.).

Forbes – Shadow Connections: How They’re Impacting Your Production Environment And Software Supply Chain Security

Danielle Guetta
June 13, 2023
Astrix CEO & Co-Founder Alon Jackson’s latest article for Forbes emphasizes the risks posed by unmonitored third-party app-to-app connections in corporate environments. With the increasing use of interconnected applications, security teams often overlook these shadow connections, leaving potential vulnerabilities in the software supply chain.

Security Magazine – Non-human identities: Secure them now, not later

Danielle Guetta
June 13, 2023
Astrix CTO & Co-Founder Idan Gour shares his insights with Security Magazine about identity-related attacks being on the rise, with credential misuse becoming a prominent attack vector. Recent high-profile incidents have highlighted the exploitation of insecure non-human identities, such as API keys and OAuth tokens, to breach organizational systems, steal sensitive data, and cause disruptions.

Key takeaways about GenAI risks from Gartner reports

Danielle Guetta
As the buzz around GenAI security continues to grow, research reports around the burning subject continue to arise. In this article we will share key takeaways from two recent Gartner reports about GenAI related threats, why Astrix was mentioned in them, and the way we see them representing the new security landscape surrounding GenAI. In […]

Insecure third-party connections to your GitHub may trigger a supply chain attack

January 1, 2024
Unmonitored GitHub connections create a new ecosystem of supply chain dependencies that expand your attack surface and expose your organization to attacks.

Looking Back at Our Journey in the 2023 RSA Innovation Sandbox Contest

Danielle Guetta
With Q4 around the corner, a reflection on the year so far highlights a standout moment for us at Astrix Security – our achievement as a top 10 finalist in the esteemed RSA Innovation Sandbox contest. The RSA Innovation Sandbox contest isn’t your run-of-the-mill event. It’s a meeting ground for cybersecurity leaders, investors, and tech […]

Astrix Security was mentioned in a 2023 Gartner® report as a Representative Vendor for SSPM

Danielle Guetta
In the recent Gartner report titled  Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud? Astrix Security is mentioned as a Representative Vendor in the SaaS Security Posture management (SSPM) market. In this short article we will cover key points from the Gartner report, and cover how the Astrix […]

Astrix Security mentioned in a 2023 Gartner® report under Secure Access to Machine and Environments tool

Danielle Guetta
In a recent Gartner report titled How to Select DevSecOps Tools for Secure Software Delivery, Astrix Security is mentioned as one of the vendors that addresses the need to secure access to machines and environments in the DevOps pipeline. In this short article we will cover key points from the report, and explain how Astrix […]

Astrix Security Raises $25M in Series A Funding

The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services. [New York, June 28, 2023] – Astrix Security, the enterprise’s trusted solution for securing non-human identities, has secured $25 million in Series A funding […]

Astrix Security is mentioned in two 2023 Gartner® reports

Danielle Guetta
Astrix Security is proud to announce it was mentioned as a representative vendor in a recent Gartner report Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud?, and as a tool that addresses the need to secure access to machines and environments in the DevOps pipeline in Gartner’s report […]

Security Boulevard – Supply Chain Dependency: What Your GitHub Connections May Trigger

Dana Katz
March 6, 2023
Astrix CEO on why the recent Circle CI and Slack breaches should be a clear call-to-action for security leaders to start securing non-human access to their GitHub. 

VentureBeat – Third-party app attacks: Lessons for the next cybersecurity frontier

Alon Jackson
August 22, 2022
Read Alon Jackson’s latest VentureBeat article where he discusses the rise of third-party app integrations & the challenges this creates for security teams.

GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts

Tal Skverer
The Astrix Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) which affects all Google users. Our new research blog covers this vulnerability in detail. In it, we deep dive into everything from how it works to what makes it so severe and how it was eventually mitigated.

Astrix on a CISO Series Episode: Hacking Third-Party Integrations

Dana Katz
July 15, 2022
Join Astrix Co-Founder & CEO Alon Jackson, Dan Walsh, the CISO of VillageMD, and David Spark, host of CISO Series, for an hour of critical thinking about securing app-to-app integrations.

Astrix Security Named a Finalist for RSA Conference 2023 Innovation Sandbox

Astrix
Company’s App-to-App Security Solution Recognized in Cyber Industry’s Most Prestigious Startup Competition

[New eBook] The Ultimate Guide to Securing App-to-App Integrations

Idan Gour
August 16, 2022
This eBook will help you understand the exact risks involved in app-to-app connectivity & best practices to minimize your attack surface.

The CircleCI breach: The results of a stolen access token

Idan Gour
January 16, 2023
CircleCI has confirmed that customers’ secrets and encryption keys were stolen. Learn more about the breach, its implications for third-party integrations, and how to minimize the risks of similar breaches.

Astrix Security Achieves SOC 2 Type 2 Certification Five Months After Emerging from Stealth

Dana Katz
July 28, 2022
Completed only five months after emerging from stealth, the audit verifies that Astrix’s App-to-App Integration Security solution complies with the highest security principles

Slack’s GitHub breach: 6 tips to avoid similar attacks

Dana Katz
January 11, 2023
The Slack attack proves that organizations must protect API keys as vigorously as they protect passwords. Here are 6 tips to help you avoid similar attacks.

GitHub Apps Bug Created Significant 3rd-Party Risk: How You Can Stay Protected

Amit Levin
June 20, 2022
A recently disclosed bug in GitHub Apps could have been abused to grant excessive permissions to malicious third-party applications.

CircleCI Security Alert – Are You at Risk?

Idan Gour
January 5, 2023
After recent attacks, businesses are finally taking supply chain attacks seriously. Learn how to prevent the next generation of supply chain attacks.

Securing everything connected. Not just everyone.

Astrix is the first integration access management solution – helping organizations unleash the power of automation and app integrations.

Astrix Security Named Winner of Global InfoSec Award at RSA 2022

By Dana Katz
June 6, 2022
Astrix wins Editor’s Choice Award in 10th Annual Global InfoSec Awards during the RSA Conference

How to Close the Service Account Security Gap in GCP and Snowflake

Dalit Cohen
January 1, 2024
There’s a big security gap in data warehouses with 1000s of service accounts connecting them to other cloud-services. See how to reduce this attack surface

5 cloud-app connectivity trends for 2022

Alon Jackson
February 8, 2022
Five key cloud adoption trends will shape the digital workforce – and the cybersecurity landscape – over the coming year.

2022 Recap: 6 Surprising Third-Party Connectivity Stats 

Dalit Cohen
January 3, 2023
From 1000s of tokens with access to core systems to 100s of unused tokens, here are our top six findings about app-to-app connectivity & security in 2022

The promise and peril of third-party integrations

Idan Gour
February 16, 2022
The explosion of third-party app integrations has unlocked productivity – and introduced dangerous new cybersecurity risks that enterprises need to contain.

Dark Reading – The Next Generation of Supply Chain Attacks is Here to Stay

Dana Katz
November 18, 2022
Astrix Security Co-Founder & CEO, Alon Jackson, has published his latest article for Dark Reading on why the new generation of supply chain attacks are here to stay.

TechCrunch – Astrix Security emerges from stealth to help organizations spot rogue third-party apps.

By Carly Page
February 23, 2022
Astrix Security, an Israeli cybersecurity startup that provides access management for third-party app integrations, has emerged from stealth with $15 million in funding.

Astrix Security Wins 2022 Cybersecurity Breakthrough Award for Cloud Security

Dana Katz
October 6, 2022
Astrix claims the title of “PaaS Security Solution of the Year” in the sixth annual Cybersecurity Breakthrough Awards program by CyberSecurity Breakthrough, a leading independent market intelligence organization.

PLG and security leaders: going with the flow

By Alon Jackson
April 20, 2022
Product-led growth strategy (PLG) and the barrage of 3rd-party cloud apps it has unleashed are here to stay. Security leaders need strategies to work with, not against, this shift in enterprise tech.

20 Minute Leaders: Leadership & the Future of App-to-App Security

Dana Katz
November 10, 2022
Astrix Security Co-Founder & CEO, Alon Jackson, recently caught up with Michael Matias of 20 Minute Leaders to discuss everything from the founding of Astrix Security, his background & leadership, to the need of app-to-app security.

VentureBeat – Astrix emerges from stealth with 15M$ funding to secure 3rd-party app integrations

By Tim Keary
February 23, 2022
Today, Enterprise app security startup Astrix Security emerged from stealth with a $15 million seed funding round led by Bessemer Venture Partners with an app integration access management solution designed to protect enterprises’ third-party apps.

DrZeroTrust: Securing App-to-App Connectivity and Low or No Code Apps

Dana Katz
September 5, 2022
Listen to Alon Jackson on DrZeroTrust where he discusses securing third-party integrations, how organizations should address common risks, and the new generation of supply chain security attacks.

DevOps Paradox: Security Concerns in Low-Code and No-Code Applications

Dana Katz
September 5, 2022
Alon Jackson caught up with DevOps Paradox to discuss how trends like PLG and low-code and no-code increase third-party exposure to organizations’ most critical systems.