Story 2: Reducing new risk by 97% – The automation of security awareness
Join Astrix customers as they lead the non-human identity security frontier in this series “The Astrix stories: Real customer wins”. From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours – these real stories will help you understand what an NHI security strategy looks like for Astrix customers.
Chapter 1: Educating employees with the Astrix chatbot
Billions of dollars are spent annually on educating employees to safely use and adopt new technology. At the heart of integrating new tools and AI-driven solutions are non-human identities: service accounts, API keys, webhooks and OAuth tokens that connect one technology to another.
Ensuring employees do not fall victim to attacks that aim to exploit their access to critical environments like AWS, Salesforce, and Google Workspace is a constant struggle in a security leader’s life.
For the CISO of an international travel agency that relies on its digital presence 24/7 for marketing, booking, and customer support, the challenge of identifying and controlling non-human access created by employees had always lingered in the back of his mind. This brought him to Astrix.
But he took it a step further. Beyond using the Astrix platform to control and secure non-human access to critical corporate environments, the CISO decided to leverage Astrix’s chatbot function to automatically educate employees about the potential security risks of their non-human integrations.
After some time using the chatbot function, the security team saw a 97% reduction in new risky integrations (!). This means employees were de facto connecting fewer tools and services to corporate environments simply because they kept receiving automated notifications from Astrix about the risks of this access.
Chapter 2: Putting Astrix on autopilot
The true test of this new strategy came during a period of major layoffs. The CISO lost nearly all his personnel. Despite this setback, the remaining security team leveraged Astrix’s automation to maintain a robust security posture. They managed to achieve control over 94% of risky non-human integrations through posture workflows and end-user remediation tools.
Having significantly reduced risk and improved its overall posture around non-human identities, the security team now put Astrix on “autopilot”: detecting and resolving new high-risk access as well as continuously monitoring for anomalous behavior of these non-human identities. With these new automated processes in place, the security team was able to identify and respond to real threats as soon as they emerged.
This automated approach allowed the small security team to efficiently manage risky non-human access without compromising business value, and to continue being business enablers rather than blockers.
Chapter 3: In times of financial turmoil – automate
Astrix played a pivotal role in reshaping the company’s security culture. By deploying interactive workflows that automatically communicate with users over native channels like Slack and Teams, the platform not only controlled but also educated staff, effectively changing the organization’s approach to cybersecurity. This shift was instrumental in helping the CISO manage security programs with a significantly reduced team.
This story highlights the importance of adopting integrated security solutions like Astrix that combine automation, education, and real-time threat detection. By embracing such technologies, organizations can significantly enhance their cybersecurity posture, even in the face of resource constraints – which we’re all too familiar with these days.
Stay tuned for story 3…