Story 3: Catching the Red-Team Red-Handed

Join Astrix customers as they lead the non-human identity security frontier in this series “The Astrix stories: Real customer wins”. From building an automated process around NHI offboarding, to a collaboration between security and engineering to remove super-admin tokens in two hours – these real stories will help you understand what an NHI security strategy looks like for Astrix customers.

Chapter 1: The Red-Team Routine

It is very common in the security industry to hear of failed security audits and red-team exercises targeting “the weakest link” – reused passwords, system defaults, unused, yet highly permissioned service accounts. But highly uncommon to hear about defensive security efforts that stop these exercises in their tracks. 

Today’s story is an example of the latter.

We’re all familiar with The Red-Team. Minimal access is granted and they are then tasked with infiltrating the system, uncovering weaknesses along the way. This approach helps organizations identify and fortify any gaps in their defenses.

As Non-Human Identity (NHI) attacks become more prevalent, they also became a favored vector for these Red-Teams (and attackers). The increased frequency and sophistication of such attacks necessitated an equally sophisticated response.

A major e-commerce platform recently experienced the efficacy of Astrix’s Threat Detection capabilities during a Red-Team exercise that stopped them in their tracks. 

Chapter 2: Astrix Spoiling the Red-Team’s Party

The company’s security team got a notification from Astrix about an internal Slack application that was flagged for exhibiting suspicious behavior when a dormant bot token suddenly came online, accessing Slack APIs it had never accessed before. Slack apps, notorious for their widespread use and access to sensitive data, became the unexpected entry point for this simulated attack.

But the security team was prepared. With Astrix in place, the SecOps teams received all the critical information required to investigate and address the anomaly, promptly identifying the source IP of the compromised Slack token and a dead giveaway around its misuse.

The swift response not only stopped the simulated attack but also underscored the importance of real-time threat detection in a dynamic and highly connected environment.

Chapter 3: Real-World Results

The immediate alert and subsequent investigation led to an interesting revelation. The efficiency and speed of the Astrix platform were so remarkable that the company had to cancel and reschedule the Red-Team exercise.

An executive from the company even stated, “Our reaction thanks to Astrix was so fast that we needed to …reschedule the [exercise]—so they could really check our internal vulnerabilities.”

Stay tuned for story 4…

This site is using cookies for various purposes (analytics, marketing, user experience). You can read more in our privacy policy.

Request a demo

See how Astrix can help you take
control of your third-party integrations.

This will close in 0 seconds

Contact us

This will close in 0 seconds