USE CASE: IDENTITY & ACCESS MANAGEMENT

Non-human Access: IAM Program’s biggest blindspot

Service accounts, API keys, OAuth tokens, and other non-human identities are powerful credentials that should be protected as vigorously as user passwords.

Astrix helps you extend IAM programs to non-human identities from discovery and risk prioritization to threat detection and response. 

“Use cases involving machine identity management are difficult to secure, understand and resolve. Over permissioned API keys, OAuth tokens, and overlooked privileged service accounts create substantial risks in attacks and data breaches.”

The IAM layer is at risk

Attackers abuse non-human identities to bypass existing security controls

Leaking an API key can be more consequential than leaking a username and password login since logins are often protected by two-factor authentication nowadays, whereas API keys are not. Recent attacks reveal attackers use access keys, service accounts, and secrets as a backdoor into companies’ most sensitive core systems and data.

Okta

Oct 2023:

Attackers used a leaked service account to access Okta’s support case management system and view files uploaded by Okta customers. Among the affected customers are CloudFlare and BeyondTruts.

Microsoft Azure AD

Jul 2023:

A stolen inactive signing key from a breached Azure system was used to create valid email access tokens, and allowed hackers to access Office365 environments across multiple organizations within the shared Azure AD cloud environment.

Jumpcloud

Jul 2023:
During an ongoing breach investigation, Jumpcloud invalidated all API keys and later urged its customers to rotate all tokens provided.

 “Astrix Empowers us to enhance our IAM and cloud security architecture, ensuring the utmost protection for access tokens and non-human connectivity. With this foundation in place, we can confidently embrace the transformative potential of automation, integration, low code, and generative AI initiatives. “

Nir Rotenberg, CISO, Rapyd

The vast scope of non-human access

According to Astrix Research

A company with 1,000 employees has roughly 10,000 tokens granting different applications access to its core system.

12% of apps connected to Google Workspace are considered to be published by untrustworthy vendors.

30% of access tokens detected in Salesforce are no longer in use and can be safely removed without impacting the business.

“Leaked or inadvertently shared service account credentials continue to be one of the leading factors of abuse in Google Cloud.”

Existing IAM solutions don’t cut it

Ungoverned machine credentials

Tools like CASB, MFA, SSO and password managers protect usernames and password logins. We help you monitor and secure programmable access credentials like API keys, OAuth tokens, service accounts and SSH keys.

Limited Threat Detection & Response

Existing Identity Threat Detection and Response (ITDR) tools specifically monitor user identity systems and user activity logs for attacks. Astrix helps extend ITDR to non-human identities and monitor them for misuse and compromise.

Secure user access only

Identity Governance and administration (IGA) solutions manage only user identities and secure user access. Astrix provides the visibility and context required to secure non-human identity, access, and activity.

Context-less secrets protection

Vaults only store your secrets without any security or business context. Secret scanners only find exposed secrets without risk prioritization. Astrix helps you understand where your exposed secrets are, if they’re valid, if they’re being used and what permissions they have – so you can prioritize risk and prevent threats.

How Astrix helps identity teams control non-human access

HOLISTIC VISIBILITY

Continuous discovery and inventory of all non-human identities and access permissions

Get a straightforward, consolidated view of:

  • Third-party apps and Gen AI services connected to core business and identity systems.
  • Shadow access to the engineering environment (for example, an API key issued by a developer to test a new CI/CD service).
  • Issued OAuth tokens, API keys, service accounts, SSH keys, and webhooks.
  • Permissions granted and data exposures.
  • Connection users and usage levels.
  • Indirect connections via no-code/low-code automation platforms.
  • Vendor supply-chain list.
Posture Management

Instantly improve identity security hygiene with risk prioritization and context

Get a prioritized list of security alerts with all the business context you need to remediate over-privileged, unnecessary, and untrusted non-human access. So you can make smarter decisions without breaking anything.

  • Misconfigured and over-privileged access.
  • The business context of each connection, access token, and service account.
  • Redundant apps, tokens, and keys of past employees and invalid applications.
  • Dangerous practices, such as granting the same access keys to multiple services.
ITDR

Detect & remediate suspicious non-human access in real-time through behavior analysis

  • Access from suspicious geo-locations.
  • A service or secret that uses out-of-the-ordinary permissions.
  • Unusual user agent.
  • Anomalous ISP.
Lifecycle management

Keep track of every access token, from creation to expiration

Understand your non-human access risks at every stage:

  • See the issues related to suspicious connections’ behavior, escalated permissions, and ownership changes.
  • Monitor risk changes to identify connections that were potentially impacted by a vulnerability such as Log4j.
  • Detect repeatable connection issues to enhance your threat response.
HOLISTIC VISIBILITY

Continuous discovery and inventory of all non-human identities and access permissions

Get a straightforward, consolidated view of:

  • Third-party apps and Gen AI services connected to core business and identity systems.
  • Shadow access to the engineering environment (for example, an API key issued by a developer to test a new CI/CD service).
  • Issued OAuth tokens, API keys, service accounts, SSH keys, and webhooks.
  • Permissions granted and data exposures.
  • Connection users and usage levels.
  • Indirect connections via no-code/low-code automation platforms.
  • Vendor supply-chain list.
Posture Management

Instantly improve identity security hygiene with risk prioritization and context

Get a prioritized list of security alerts with all the business context you need to remediate over-privileged, unnecessary, and untrusted non-human access. So you can make smarter decisions without breaking anything.

  • Misconfigured and over-privileged access.
  • The business context of each connection, access token, and service account.
  • Redundant apps, tokens, and keys of past employees and invalid applications.
  • Dangerous practices, such as granting the same access keys to multiple services.
ITDR

Detect & remediate suspicious non-human access in real-time through behavior analysis

  • Access from suspicious geo-locations.
  • A service or secret that uses out-of-the-ordinary permissions.
  • Unusual user agent.
  • Anomalous ISP.
Lifecycle management

Keep track of every access token, from creation to expiration

Understand your non-human access risks at every stage:

  • See the issues related to suspicious connections’ behavior, escalated permissions, and ownership changes.
  • Monitor risk changes to identify connections that were potentially impacted by a vulnerability such as Log4j.
  • Detect repeatable connection issues to enhance your threat response.

Non-human access is growing exponentially


The modern enterprise is a breeding ground for shadow non-human access

Gen AI, IT democratization and Bottom-up SW adoption

Businesses rely on generative AI tools and third-party apps to advance their operations and increase productivity. With nearly 200 generative AI apps created weekly and SaaS vendors like Okta, Google Workspace, Salesforce, and Microsoft 365 offering thousands of integrations in their marketplace alone, ‘non-technical’ employees are empowered to create third-party connections into these core systems. However, due to a lack of cybersecurity awareness, they may unknowingly connect untrusted, over-privileged, and later unused third-party apps to their accounts.

The “engineering” black hole of tokens

IT teams, DevOps, and others increasingly provide API-based access to third-party applications and Gen AI services from core systems like GitHub or Snowflake. These shadow integrations (created using  API keys, service accounts, webhooks, OAuth tokens, or even SSH keys) create another whole ecosystem of supply chain dependencies.  In addition,  growing connectivity between internal services and resources to core engineering systems leads to many secrets scattered across SaaS, IaaS, machines, and workstations. While Dev teams create these secrets, security teams lack the visibility and the context to secure them. 

This site is using cookies for various purposes (analytics, marketing, user experience). You can read more in our privacy policy.

Request a demo

See how Astrix can help you take
control of your third-party integrations.



This will close in 0 seconds

Contact us



This will close in 0 seconds