In the recent Gartner report titled “Quick Answer: Cloud, Kubernetes, SaaS — What’s the Best Security Posture Management for Your Cloud?”, Astrix Security is mentioned as a Representative Vendor in the SaaS Security Posture Management (SSPM) market. In this short article, we cover key points from the Gartner report and explain how the Astrix Security Platform can address the SSPM use case.
According to the Gartner report, “Managing the posture of cloud environments is increasingly important, but there is a bewildering array of security posture management approaches. Security and risk management leaders need to select the right approach to realize the benefits of these tools.”
When it comes to SSPM (SaaS security posture management) solutions, Gartner analysts mention that “SaaS protection remains segregated from IaaS and PaaS, and is covered by a separate family of SSPM products”. In our opinion, while this is predominantly true in the SSPM market, the Astrix platform aims to be an exception by providing customers with a complete security solution for non-human access to cloud-based core systems, securing their app-to-app connections across SaaS, IaaS and PaaS environments – from Salesforce, GitHub and Office365 to Workato, Zapier and BigQuery.
The crippling recent attacks on Microsoft, GitHub, Mailchimp and CircleCI reveal a new generation of supply chain attacks in which attackers take advantage of access granted to third-party cloud services as a backdoor into the companies’ most sensitive core systems.
Everything-as-a-service encourages end users to continuously integrate third-party apps into the fabric of the enterprise, resulting in a growing mesh of shadow integrations threatening to expose companies’ most sensitive systems to supply chain attacks, data breaches, account takeovers and compliance violations.
To us, what makes the Astrix platform a game changer in the space is that it provides security leaders with holistic visibility as well as threat detection and remediation across their non-human connections with third-party cloud services, from issued OAuth tokens, API keys, service accounts, SSH keys, and webhooks, to indirect connections via no-code/low-code automation platforms and Shadow connections (for example, an API key issued by a developer to test a new CI/CD service).
This helps security teams control all non-human connections to their core systems, whether through a “classic” structured connection from a marketplace app, or a hidden, forgotten connection through a no-code/low-code automation platform or an issued SSH token.
In the report, Gartner also mentions that “SSPM products focus on some combination of the configuration of a set of SaaS platforms and the interconnection of SaaS platforms. Prefer those that support at least these two approaches.” We believe that the Astrix Security Platform addresses these two approaches from a unique perspective focused on non-human connectivity, continuously monitoring customers’ entire app-to-app connections – across SaaS, IaaS, and on-prem. Astrix analyzes the identity behind these connections and provides actionable context including their potential risk, exposure levels, permissions, business justification, and usage levels. This helps security teams to quickly detect and mitigate risky connections to third-party services, and not just control their initial configuration.
With API-first, SaaS adoption, PLG, and LC/NC initiatives becoming the norm, app-to-app connectivity will continue to grow exponentially. Securing it requires domain-specific expertise and continuous research to identify emerging threats. While Astrix addresses a significant use case of the SSPM category, our mission is to enable organizations to secure their app-to-app connections across their IaaS, PaaS and SaaS environments, regardless of where they run.
Astrix already helps cloud-first companies such as Figma, Exabeam, Pagaya and Bloomreach to safely unleash the power of app-to-app integration and automation. Schedule a live demo to see how it works.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.