Understanding Astrix
Introduction to the Astrix Security Management Solution
Astrix Security
Astrix was one of the earliest companies offering an NHI security platform. They can be credited as the first to coin the term “Non-Human Identity,” going back to the RSA Innovation Sandbox competition in May 2023. The term “NHI” came after a number of positioning iterations, such as 3rd-party integration access controls and App-to-App security (not to be confused with SaaS-to-SaaS). Astrix began its journey all the way back in 2021 with a focus on core environments spanning IaaS, PaaS and SaaS.
The company quickly recognized the importance of behavior anomaly detection for the usage of these identities. One of the core competencies of Astrix is having years of training on real-world API traffic to detect anomalies in near real time. The same engine detected a 0-day vulnerability in Google GCP back in 2022; more on that later.
The platform’s key capabilities include:
NHI Discovery and Inventory: Identifying and cataloging NHIs across various environments like AWS, GitHub, Slack, and Active Directory.
Posture Management: Ensuring NHIs adhere to least-privilege principles and are properly configured to minimize attack surfaces.
Lifecycle Management: Orchestrating the lifecycle of NHIs, including secret rotation, NHI retirement, and reassignment.
Anomaly Detection and Threat Remediation: Analyzing NHIs for unusual behavior or configuration anomalies and remediating issues directly in workflows.
A few notable elements of their platform’s capabilities include:
Behavioural analysis: They have an AI-based threat engine that detects abuse of NHIs based on anomaly indicators such as unusual IP, user agent, and activity.
Vendor supply chain attacks: They map every associated NHI, allowing a company to see everything an NHI is connected to in their tech stack and what it’s used for, so in the case of an incident involving a third party, a company can either rotate or remove an NHI quickly. Since they comply with SEC disclosure guidelines, they can expedite incident response when a company’s external vendor is compromised.
Policy deviations: They prevent NHI abuse by enforcing organizational policies on NHIs. They use existing tools to mitigate policy deviations such as access from forbidden geos, number of API calls and more.
Beyond Astrix’s strong NHITDR play, their aim is to secure these identities across different environments, particularly SaaS, on-prem and cloud-native environments, which form the backbone of most modern enterprises. Astrix’s platform focuses on managing the lifecycle and security posture of non-human identities.
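The indicators named in the list above (unusual IP, user agent and activity, plus policy deviations such as forbidden geos and API call counts) can be illustrated with a small per-NHI baseline check. This is an added example, not Astrix code and not a description of how its engine works; the event fields, the /24 grouping, the policy values and all sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

def ev(nhi, ip, ua, action, geo):
    return {"nhi": nhi, "ip": ip, "ua": ua, "action": action, "geo": geo}

# Constructed sample data (documentation IP ranges, made-up NHI names).
BASELINE = [
    ev("svc-ci-deploy", "192.0.2.10", "ci-runner/2.1", "repo.read", "US"),
    ev("svc-ci-deploy", "192.0.2.11", "ci-runner/2.1", "deploy.create", "US"),
    ev("slack-bot-token", "198.51.100.7", "python-requests/2.31", "chat.post", "DE"),
]
OBSERVED = [
    ev("svc-ci-deploy", "192.0.2.12", "ci-runner/2.1", "repo.read", "US"),
    ev("slack-bot-token", "203.0.113.50", "curl/8.4", "users.list", "XX"),
    ev("slack-bot-token", "203.0.113.50", "curl/8.4", "users.list", "XX"),
    ev("slack-bot-token", "203.0.113.50", "curl/8.4", "files.list", "XX"),
    ev("slack-bot-token", "203.0.113.50", "curl/8.4", "files.list", "XX"),
]
# Hypothetical organizational policy: "XX" is a placeholder geo code.
POLICY = {"forbidden_geos": {"XX"}, "max_calls": 3}

def build_baseline(events):
    """Record the /24 networks, user agents and actions seen for each NHI."""
    base = defaultdict(lambda: {"nets": set(), "agents": set(), "actions": set()})
    for e in events:
        b = base[e["nhi"]]
        b["nets"].add(ipaddress.ip_network(e["ip"] + "/24", strict=False))
        b["agents"].add(e["ua"])
        b["actions"].add(e["action"])
    return dict(base)

def evaluate(events, base, policy):
    """Return {nhi: sorted indicator names} for NHIs with at least one hit."""
    findings, calls = defaultdict(set), Counter(e["nhi"] for e in events)
    for e in events:
        hits = findings[e["nhi"]]
        if e["geo"] in policy["forbidden_geos"]:
            hits.add("forbidden_geo")
        if calls[e["nhi"]] > policy["max_calls"]:
            hits.add("api_call_limit")
        b = base.get(e["nhi"])
        if b is None:  # an identity never seen before is itself worth review
            hits.add("no_baseline")
            continue
        addr = ipaddress.ip_address(e["ip"])
        if not any(addr in net for net in b["nets"]):
            hits.add("unusual_ip")
        if e["ua"] not in b["agents"]:
            hits.add("unusual_user_agent")
        if e["action"] not in b["actions"]:
            hits.add("unusual_activity")
    return {n: sorted(h) for n, h in findings.items() if h}
```

Calling `evaluate(OBSERVED, build_baseline(BASELINE), POLICY)` flags only the token whose source, client and actions all changed at once, which is the combination a responder would use to decide on rotation or removal.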
A key component of Astrix’s solution is its risk engine. This engine assesses the risk level of every NHI by analyzing its permissions, potential for compromise, and how it interacts with external suppliers or internal systems. This allows Astrix’s customers to prioritize the most critical threats and take action on high-risk NHIs. Customers can use Astrix’s remediation workflows to fix issues such as over-permissioned accounts or compromised secrets.
The company has a broad platform, but its strengths relative to competitors lie in its ability to detect cross-environment threats, its built-in remediation engine and its real-time threat detection. While Astrix is primarily cloud-native, the company is actively developing capabilities to manage NHIs within on-prem environments. Key on-prem focus areas include Active Directory service accounts and on-prem databases, as well as SaaS tools deployed on-prem, such as GitHub Enterprise. Astrix is applying the lessons learned from cloud environments to ensure that on-prem NHIs are managed with the same level of sophistication.
Astrix Security manages the human-user lifecycle and its intersection with non-human identities (NHIs) by tying human users to the NHIs they create and manage. This critical feature ensures that each NHI, such as a service account or API key, is associated with an accountable owner, allowing organizations to track and manage these identities throughout their lifecycle. For instance, when a human user is off-boarded, Astrix's platform ensures that any associated NHIs are also revoked or retired, preventing security gaps caused by lingering, unmanaged identities. Additionally, during access reviews, the platform helps ensure that both human-user access and the permissions granted to NHIs are evaluated together, reducing the risk of orphaned or overly privileged NHIs. This owner assignment mechanism offers an additional layer of security, enabling organizations to quickly identify and remediate issues by knowing exactly which user is responsible for each NHI. This capability is foundational to Astrix's strategy of providing comprehensive lifecycle management and ensuring security across all identity types.
Another strength of the Astrix platform is the Astrix research group, which specializes in NHI behaviors, risks, and vulnerabilities. These insights enrich the platform continuously. The Astrix research group is famous for the discovery of the Ghost token zero-day in GCP, which was actually patched by Google.
Astrix provides a unified platform that addresses NHIs by offering extensive coverage across multiple environments, including cloud-native and SaaS. This approach is vital for enterprises with complex, hybrid infrastructures that require consistent NHI visibility and control across different layers of their stack. Astrix’s ability to monitor and secure AWS, CI/CD tools, SaaS platforms, and on-prem solutions like Active Directory gives it a significant advantage, providing customers with a holistic view of their NHI ecosystem.
At the core of Astrix’s offering is its powerful risk engine, specifically designed to assess the risk levels of NHIs. The risk engine evaluates the permissions, configurations, and usage of each NHI. It assigns risk scores based on these factors, helping organizations prioritize threats and focus remediation efforts on the most critical NHIs. The company’s deep understanding of how NHIs function within SaaS platforms allows it to offer more targeted and effective security solutions for enterprises that rely heavily on tools like Slack, AWS, and other SaaS applications. Astrix partnered with the Cloud Security Alliance to survey over 800 security leaders. The resulting report, The State of Non-Human Identity Security, unveils the state of non-human identity security, from top challenges and risks to tooling, programs, and budget allocation. I highly recommend checking it out.