Astrix Security, an Israeli cybersecurity startup that provides access management for third-party application integrations, emerged stealthily with $15 million in funding.
The startup was co-founded in 2021 by CEO Alon Jackson and CTO Idan Gour, both former members of Israel’s famed Unit 8200 intelligence division, to help organizations monitor and control the complex web of third-party applications connected to their critical systems.
The number of integrations used by organizations has increased dramatically over the past couple of years as a result of the widespread shift to remote work and, in turn, to cloud-based environments. Astrix says that while companies are largely at the top of managing user access to critical systems, most are failing when it comes to managing API access, which exposes them to a growing attack surface vulnerable to supply chain attacks, data spills and compliance breaches. That’s why the startup developed Astrix Security, a platform that equips enterprises with full integration lifecycle management.
“Current solutions provide a security score that helps you assess the security posture of the applications you want to adopt. Others, like NoName, look at API security, which focuses on the APIs you develop and want others to consume,” Jackson, who served as head of R&D at Argus before founding Astrix, told Ploonge. “We analyzed the integrations that are made through third parties; it could be your CRM on Salesforce or your intellectual property on GitHub. These are all systems that you haven’t developed, but you have API access enabled for them.”
Astrix Security provides organizations with an immediate inventory of all third-party connectivity to enterprise applications. It automatically detects malicious changes and anomalies in these low-code or no-code workflow integrations and configurations and provides real-time fixes.
This technology, Jackson claims, could have prevented organizations from falling victim to last year’s CodeCov hack, which saw attackers breach the company’s software audit tool to gain access to hundreds of its customers’ networks.
“What happened is exactly what we are building; the developer just added a new 3rd party connection on top of their code repository on GitHub. He removed it but did not revoke access, which led to his entire IP being sold on the dark web,” Jackson said.
Astrix Security is already in the hands of a number of global enterprise customers spanning the technology, healthcare technology and automotive industries. Jackson says the startup plans to use its initial $15 million investment, led by Bessemer Venture Partners and F2 Capital, with participation from Venrock and more than 20 cybersecurity angel investors, to expand its current team of 20 and bolster your go-to-market efforts.