Blog
The latest on app-to-app security, non-human identities risks, Astrix’s platform updates and more

Featured
Astrix Security named a Cool Vendor in the 2023 Gartner Cool Vendors in Identity-First Security
Company’s App-to-App Security Solution Recognized in Cyber Industry’s Most Prestigious Startup Competition
Read more

Securing non-human identities in Google Workspace
Google Workspace is a core productivity engine for many businesses. As such, employees are increasingly connecting third-party applications into their Google Email, Calendar, Docs, Drive and more in a bid to increase productivity. These connections are also created when users sign in to third-party apps using the Google Single Sign-On feature. Many of these third-party […]
Read more

Securing non-human identities in Slack
There are more than 2,400 apps in the Slack app directory, and many more from other, non-verified marketplaces that can be integrated via OAuth tokens and Webhooks. In fact, only about 10% of connections to Slack come from the official app directory, meaning that many organizations are using numerous third-party app connections with zero vetting, […]
Read more

Securing non-human identities in Microsoft 365 & Azure AD
To streamline workflows and maximize its functionality, Microsoft 365 & Azure Active Directory (AAD) can be connected to thousands of apps and services, as well as a large number of non-marketplace apps that can be connected via webhooks, OAuth tokens, API keys and workflow automation platforms. Each and every connection made between Microsoft 365 and […]
Read more

Securing non-human identities in Salesforce
Salesforce environments across the world are connected to 11,225,724 AppExchange services, as well as countless other non-exchange services that can be integrated into Salesforce environments via API keys, OAuth tokens, service accounts and more. All these non-human connections accessing sensitive Salesforce environments significantly expand the attack surface, exposing companies to supply chain attacks, data breaches […]
Read more

Astrix Security Takes Home Three Coveted Global InfoSec Awards
Company Also Recognized as Innovation Sandbox Finalist at RSA Conference 2023 [New York, April 25, 2023] – Astrix Security, the enterprise’s trusted solution for securing non-human connections and identities, has been awarded three Global InfoSec Awards by Cyber Defense Magazine (CDM): “As we’ve seen the countless supply chain attack headlines – from GitHub to Slack […]
Read more

Astrix Discovers 0-Day Vulnerability in Google Cloud Platform
The vulnerability, dubbed “GhostToken”, allows attackers to gain permanent and unremovable access to a victim’s Google account by converting an already authorized third-party application into a malicious trojan app, leaving the victim’s personal data exposed forever. This may include data stored on victim’s Google apps, such as Gmail, Drive, Docs, Photos, and Calendar, or Google Cloud Platform’s services (BigQuery, Google Compute, etc.).
Read more

Forbes – Shadow Connections: How They’re Impacting Your Production Environment And Software Supply Chain Security
June 13, 2023
Astrix CEO & Co-Founder Alon Jackson’s latest article for Forbes emphasizes the risks posed by unmonitored third-party app-to-app connections in corporate environments. With the increasing use of interconnected applications, security teams often overlook these shadow connections, leaving potential vulnerabilities in the software supply chain.
Read more

Security Magazine – Non-human identities: Secure them now, not later
June 13, 2023
Astrix CTO & Co-Founder Idan Gour shares his insights with Security Magazine about identity-related attacks being on the rise, with credential misuse becoming a prominent attack vector.
Recent high-profile incidents have highlighted the exploitation of insecure non-human identities, such as API keys and OAuth tokens, to breach organizational systems, steal sensitive data, and cause disruptions.
Read more

Looking Back at Our Journey in the 2023 RSA Innovation Sandbox Contest
With Q4 around the corner, a reflection on the year so far highlights a standout moment for us at Astrix Security – our achievement as a top 10 finalist in the esteemed RSA Innovation Sandbox contest. The RSA Innovation Sandbox contest isn’t your run-of-the-mill event. It’s a meeting ground for cybersecurity leaders, investors, and tech […]
Read more

Astrix Security was mentioned in a 2023 Gartner® report as a Representative Vendor for SSPM
In the recent Gartner report titled Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud? Astrix Security is mentioned as a Representative Vendor in the SaaS Security Posture management (SSPM) market. In this short article we will cover key points from the Gartner report, and cover how the Astrix […]
Read more

Astrix Security mentioned in a 2023 Gartner® report under Secure Access to Machine and Environments tool
In a recent Gartner report titled How to Select DevSecOps Tools for Secure Software Delivery, Astrix Security is mentioned as one of the vendors that addresses the need to secure access to machines and environments in the DevOps pipeline. In this short article we will cover key points from the report, and explain how Astrix […]
Read more

Astrix Security Raises $25M in Series A Funding
The investment will allow enterprises to further secure non-human identities and safely leverage the soaring adoption of third-party apps and Generative AI services Your browser does not support the video tag. [New York, June 28, 2023] – Astrix Security, the enterprise’s trusted solution for securing non-human identities, has secured $25 million in Series A funding […]
Read more

Astrix Security is mentioned in two 2023 Gartner® reports
Astrix Security is proud to announce it was mentioned as a representative vendor in a recent Gartner report Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud?, and as a tool that addresses the need to secure access to machines and environments in the DevOps pipeline in Gartner’s report […]
Read more

GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts
The Astrix Research Group revealed a 0-day flaw in Google’s Cloud Platform (GCP) which affects all Google users. Our new research blog covers this vulnerability in detail. In it, we deep dive into everything from how it works to what makes it so severe and how it was eventually mitigated.
Read more

Astrix Security Wins 2022 Cybersecurity Breakthrough Award for Cloud Security
October 6, 2022
Astrix claims the title of “PaaS Security Solution of the Year” in the sixth annual Cybersecurity Breakthrough Awards program by CyberSecurity Breakthrough, a leading independent market intelligence organization.
Read more

20 Minute Leaders: Leadership & the Future of App-to-App Security
November 10, 2022
Astrix Security Co-Founder & CEO, Alon Jackson, recently caught up with Michael Matias of 20 Minute Leaders to discuss everything from the founding of Astrix Security, his background & leadership, to the need of app-to-app security.
Read more

VentureBeat – Astrix emerges from stealth with 15M$ funding to secure 3rd-party app integrations
February 23, 2022
Today, Enterprise app security startup Astrix Security emerged from stealth with a $15 million seed funding round led by Bessemer Venture Partners with an app integration access management solution designed to protect enterprises’ third-party apps.
Read more