Astrix Security, a platform that helps companies manage and secure third-party app integrations, today announced that it closed a $25 million Series A funding round led by CRV with participation from Bessemer Venture Partners and F2 Venture Capital.
Co-founder and CEO Alon Jackson says that the round, which brings Astrix’s total raised to $40 million, will be put toward expanding headcount across the company’s offices in Tel Aviv and the U.S.
“The pandemic enforced cloud and software-as-a-service (SaaS) adoption, thus increasing third-party adoption and automation — requiring a solution to fit this digital and fast-paced interconnected world,” Jackson told TechCrunch in an email interview. “Astrix was founded to close a significant and unaddressed security gap by allowing security teams to extend access management and threat detection to the non-human identity layer.”
Jackson co-launched Astrix in 2021 alongside Idan Gour, who he met while serving in the Israel Defense Forces. Both say that they saw a need to create a platform that could help companies bring app integrations, which continue to gain in popularity, under firmer control from a security standpoint.
To their points, according to one recent report, company departments use between 40 and 60 different apps, with departments using an average of 200 apps organization-wide. This can amplify the security risk. Another poll, published in 2022 by the Ponemon Institute and Mastercard’s RiskRecon, found that 54% of organizations were breached through third parties over the preceding 12 months.
“Apps are often connected by employees across departments without the security team’s knowledge, making having visibility and governance into every third-party connection virtually impossible,” Jackson said.
Astrix connects to a company’s core systems — including SaaS, integration platform-as-a-service and infrastructure-as-a-service — to attempt to protect against over-privileged and malicious third-party app connections that might expose an organization. Using machine learning-based behavioral analysis engines, Astrix tries to spot deviations from standard app-to-app connectivity behaviors and suggest remediation steps that security teams can take to address the root of the problem.
Beyond detecting threats, Astrix provides a view of all the internal and third-party integrations within a business environment, as well as all access keys in use (e.g. API keys and service accounts) and the permissions and level of access granted to each one.
James Green, a general partner at CRV, said that it was these holistic observability features that caught CRV’s eye.
“Astrix is taking an innovative approach to extending identity and access management and threat detection to all non-human identities, giving unprecedented capabilities to manage the growing API-based third-party attack surface across all environments,” he said in an emailed statement.
Astrix isn’t without rivals in the app connection security space, including Apiiro, which works to help developers and security operators find and solve app-related issues that could result in vulnerabilities. There’s also Valence Security, Wing Security and Kodem, the last of which recently came out of stealth with $25 million in venture backing to tackle app security.
But Jackson, while declining to reveal the size of Astrix’s customer base, noted that Astrix recently brought on high-profile customers, including Figma, Priceline, Bloomreach and Rapyd.
“Cybersecurity is one of the few fields that is traditionally less impacted during down times,” Jackson said. “Moreover, layoffs and down markets create more cybercrime worldwide, and we’ve especially been experiencing this in the past year.”
That first point isn’t necessarily true — Q1 marked lowest VC funding for security in a decade, according to one report. But it seems that Astrix is successfully bucking the trend.