The startup was co-founded in 2021 by CEO Alon Jackson and CTO Idan Gour, both former members of Israel’s famed intelligence division Unit 8200, to help organizations monitor and control the complex web of third-party apps connected to their critical systems.
The number of integrations used by organizations has increased dramatically over the past two years as a result of the widespread shift to remote working and, in turn, cloud-based environments. Astrix claims that while businesses are largely on top of managing user access to critical systems, the majority are falling short when it comes to managing API access, which is exposing them to a growing attack surface vulnerable to supply chain attacks, data spillage and compliance violations. That’s why the startup developed Astrix Security, a platform that equips businesses with full integration lifecycle management.
“Current solutions provide a security score that helps you assess the security posture of apps you want to adopt. Others, such as NoName, look at API security, which focuses on the APIs that you develop and want others to consume,” Jackson, who served as head of R&D at Argus prior to founding Astrix, told TechCrunch. “We look at integrations that are done through third parties; it could be your CRM on Salesforce or your intellectual property in GitHub. These are all systems that you did not develop, but you have API access enabled to them.”
Astrix Security provides organizations with an immediate inventory of all third-party connectivity to enterprise applications. It automatically detects changes and malicious anomalies within these integrations and low-code or no-code workflow configurations and provides real-time remediations.
This technology, Jackson claims, could have prevented organizations from becoming a casualty of the CodeCov hack last year, which saw attackers breach the company’s software auditing tool to gain access to hundreds of its customers’ networks.
“What happened is exactly what we are building for; the developer just added a new third-party connection on top of his code repository in GitHub. He removed it, but didn’t revoke the access, which led to their entire IP being sold on the dark web,” Jackson said.
Astrix Security is already in the hands of a number of global enterprise customers, spanning the technology, health tech and automotive sectors. Jackson says the startup plans to use its $15 million seed investment, which was led by Bessemer Venture Partners and F2 Capital, with participation from Venrock and over 20 cybersecurity angel investors, to expand its current team of 20 and to bolster its go-to-market efforts.