Reclaim control over shadow third-party access
Your digital supply chain is bigger than you think. With employees regularly connecting third-party apps to core systems such as Salesforce, Google Workspace, and GitHub via API keys, OAuth tokens, and other machine credentials, you are probably more exposed than ever to supply chain exploits.
Astrix enhances your TPRM program with automated and continuous discovery of all the connected third-party apps and vendors and helps you focus on the risks that matter most.
Access tokens were stolen from the most trusted app vendors
The last couple of years have seen a constant increase in supply chain attacks that take advantage of access granted to third-party apps and services as a backdoor into companies’ most sensitive and valuable data. And it’s not just small-time vendors – even the biggest and most well-known vendors get breached. High-profile examples include:
Okta
October 2023:
Attackers used a leaked service account to access Okta’s support case management system and view files uploaded by some Okta customers. Among the affected customers are BeyondTrust and CloudFlare.
CircleCI
January 2023:
Engineering employees’ computers were compromised by malware, which allowed the threat actors to access and steal session tokens. Stolen session tokens give threat actors the same access as the account owner, even if there’s two-factor authentication.
TPRM tools are simply not enough
Existing Third-party risk programs are not dynamic enough, nor are they built for cloud environments and hyper-automation.
Point-in-time assessment
TPRM tools assess third-party apps mainly during the procurement and pre-onboarding stages. Astrix continuously monitors everything that accesses your environment, how it behaves and the risk it poses.
Unaware of shadow apps
Ironically, apps that go through TPRM assessments are usually well-known SaaS apps with high-security standards. Astrix discovers all apps that access your environments, known or unknown, and analyzes their reputation in real time.
Obscure security scores
These scores are based on static parameters of the app vendor and lack real-time insights. We provide you with a continuous assessment of the vendor as well as your exposure in case this vendor gets breached.
Slow questionnaires
Manual security questionnaires are not scalable and often slow down the business and reduce agility. Astrix automatically provides all the necessary security and business information about the third-party app and the vendor behind it, reducing overhead and increasing productivity.
“Thanks to Astrix’s agentless deployment, within no time, we gained visibility into the growing number of third-party services that are connected to our critical systems.”
The vast scope of ungoverned third-party access
According to Astrix Researchers
A company with 1,000 employees has roughly 10,000 tokens granting different applications access to its core system.
Around 45% of connections in Salesforce environments are not in use, while in GitHub environments the numbers are as high as 33% on average.
90% of the apps connected to Google Workspace environments are non-marketplace apps – meaning they were not vetted by an official app store.
Enhance your TPRM Program with Astrix
Real-time inventory of all connected third-party vendors and instant alerts on new app connections
Get a straightforward, consolidated view of:
- Third-party apps and Gen AI services connected to core systems.
- Shadow third-party access to the engineering environment (for example, an API key issued by a developer to test a new CI/CD service).
- Connection users and usage levels.
- Indirect connections via no-code/low-code automation platforms.
- Vendor supply-chain list.
Focus on the riskiest third-party connections to efficiently reduce your attack surface
- Get the risk and business context you need for pre-integration risk analysis (supplier, permissions, popularity, and more).
- Detect suspicious third-party access in real-time through behavior analysis, such as impersonating apps and OAuth phishing attacks, and abuse of stolen tokens.
- Reduce attack surface: remediate over-privileged, inactive, and untrusted third-party access.
- Get the business context of each connection, key and service account, so you can make smarter decisions without breaking anything.
Collaborate with employees to remediate risky connections without breaking anything
- Receive highly digested and prioritized security alerts, including user feedback, threat context, severity level, and suggested remediation steps.
- Automatically send employees Slack notifications to get the context about each app, the minute the connections are made.
- Support a healthier security culture by raising the awareness of end-users about the permissions they grant to third-party cloud services & tools.
Vet OAuth apps, chrome extensions and SaaS add-ons before connecting them
Detect risky permissions, untrustworthy vendors and malicious apps before your give them access:
- Evaluate potential risks associated with third-party apps before authorizing their access.
- Evaluate the compliance status, posture, and data sovereignty of each application.
- Discover the app’s actual vendor and understand its reputation.
Real-time inventory of all connected third-party vendors and instant alerts on new app connections
Get a straightforward, consolidated view of:
- Third-party apps and Gen AI services connected to core systems.
- Shadow third-party access to the engineering environment (for example, an API key issued by a developer to test a new CI/CD service).
- Connection users and usage levels.
- Indirect connections via no-code/low-code automation platforms.
- Vendor supply-chain list.
Focus on the riskiest third-party connections to efficiently reduce your attack surface
- Get the risk and business context you need for pre-integration risk analysis (supplier, permissions, popularity, and more).
- Detect suspicious third-party access in real-time through behavior analysis, such as impersonating apps and OAuth phishing attacks, and abuse of stolen tokens.
- Reduce attack surface: remediate over-privileged, inactive, and untrusted third-party access.
- Get the business context of each connection, key and service account, so you can make smarter decisions without breaking anything.
Collaborate with employees to remediate risky connections without breaking anything
- Receive highly digested and prioritized security alerts, including user feedback, threat context, severity level, and suggested remediation steps.
- Automatically send employees Slack notifications to get the context about each app, the minute the connections are made.
- Support a healthier security culture by raising the awareness of end-users about the permissions they grant to third-party cloud services & tools.
Vet OAuth apps, chrome extensions and SaaS add-ons before connecting them
Detect risky permissions, untrustworthy vendors and malicious apps before your give them access:
- Evaluate potential risks associated with third-party apps before authorizing their access.
- Evaluate the compliance status, posture, and data sovereignty of each application.
- Discover the app’s actual vendor and understand its reputation.
Shadow app-to-app connections expand your third-party risk
Consent Fatigue: employees will connect anything
With nearly 200 generative AI apps created weekly and SaaS vendors like Okta, Google Workspace, Salesforce, and Microsoft 365 offering thousands of integrations in their marketplace alone, ‘non-technical’ employees are empowered to create third-party connections into these core systems. When they do so, they often unknowingly/carelessly consent to grant excessive permissions to third-party app vendors that may not necessarily be trusted. Many integrations remain connected when they’re no longer in use, and some were connected by employees who have already left the organizations.
Once your key is stolen, it’s game over
When employees connect a third-party app to your core system, they provide the “keys to your kingdom” to the app vendor. From that moment, you’re dependent on the vendor’s security standards. Service accounts, API keys, OAuth tokens, and other access tokens are powerful credentials. Exposing an API key can be more consequential than exposing a username and password login since logins are often protected by MFA nowadays, whereas API keys are not.
