Astrix Security

The FS-ISAC Fall Summit is in full swing, and our NHI container puzzle is waiting for you to solve it! Stop by booth #43 to chat with our expert team about all things #NHISecurity and snag some of the coolest swag around. And don’t miss your chance to enter the “Guess How Many NHIs” contest for a shot at winning your own personal voice-activated robot! 🤖

Ghosts of Ex-Employees' NHIs 🎃 When employees leave, their NHIs stick around - haunting your environments. 👻 From operational disruptions to lingering security vulnerabilities, these identities are a very real risk, and one that deserves attention. Find out how to exorcise these NHI ghosts once and for all with Astrix: https://lnkd.in/dK-JBPDw

Do you know where your NHIs are hiding? Join us next week at FS-ISAC in Atlanta to find out! Visit Astrix at Booth #43 to learn all about NHI security, grab some awesome swag and play for a chance to win the coolest giveaways around 🤖 Our team will be there to chat about all things #NHIs and help you in your journey to securing the biggest identity blindspot 👀 See you there! Michael Silva, Michael Herring, Ryan Rockenbaugh

Cybersecurity posts get pretty spooky this time of year. We’re here to cut through the tricks and deliver the facts with our 3-part Halloween series. 👻 Today, swipe through to see what really matters when it comes to securing non-human identities. We promise, it's not 𝘵𝘩𝘢𝘵 scary! Here is the rundown: 🕵️ Don’t get tricked by visibility without context. 💼 5,000 employees? That’s over 100,000 NHIs. That’s 𝒂 𝒍𝒐𝒕 to manage. ⚠️ ~6.5% of them are high-risk. 🔎 How do we determine that? Check out slide 4 🍬 Astrix’s Treat: Visibility alone won’t help you secure NHIs. Get the context you need to focus on what really matters. Learn more about Astrix's context: https://lnkd.in/d-TbyeyJ

Exposed secrets are a ticking time bomb, and recent attacks prove it. ⚠ Just detecting exposed secrets isn’t enough. Secrets like API keys, tokens, and service account credentials, once exposed, give attackers an open door. Many solutions stop at detection, but the real challenge is rotating those secrets before they’re exploited. For that, you need context and automation. In this short article, we explain how Astrix helps customers not only detect, but also control and rotate exposed secrets with confidence. Read it here: https://lnkd.in/d_wUuY8x

GPS is bullish on Astrix Security and simplifying Non-Human Identity problems. Meet them next week at GPSEC!

#Dallas here we come! 💃 We're excited to see you in Dallas on Oct 30th for #GPSEC with our amazing partners GuidePoint Security. Be sure to stop by the Astrix Security booth to learn how we're helping customers solve the biggest blindspot in modern identity programs, Non-Human Identity. 👀 Be sure to register here: https://lnkd.in/dESesDxy Amanda Renshaw, David Watkins, Nicole Dreyer, Brandon McElrath, Johnathan Martin, Manuela Jaramillo, Mitchem B., Jessica Grammer, Steve Shupper, Patrick Gunn, Brian Ledbetter, Chris Barletta, Alyssa Lilly, Jon Hart, Sophia Yee, Travis Dye, Josh Behnke, Matt Peterson, Jerry O'Brien, Jamille Moore, Juno Bender Eric Goldstein, Pat Murphy, Nick Von Bokern, Alex M. Flores

𝐈𝐧𝐭𝐞𝐫𝐧𝐞𝐭 𝐀𝐫𝐜𝐡𝐢𝐯𝐞 𝐛𝐫𝐞𝐚𝐜𝐡𝐞𝐝: 𝐇𝐨𝐰 𝐨𝐧𝐞 𝐀𝐏𝐈 𝐤𝐞𝐲 𝐞𝐱𝐩𝐨𝐬𝐞𝐝 1 𝐦𝐢𝐥𝐥𝐢𝐨𝐧 𝐬𝐮𝐩𝐩𝐨𝐫𝐭 𝐭𝐢𝐜𝐤𝐞𝐭𝐬 ⚠ The two most prominent issues with NHIs - hard-coded credentials exposed via source code, and non-expiring, over-permissive access - were the result of yet another massive breach. Our research team lead Tal Skverer shares his insights: "On October 9, users accessing the Internet Archive website (mostly known for their Wayback Machine function) started getting errors while the website was down due to DDoS attack. Shortly after it was back online, a popup was displayed to users claiming that the Internet Archive backend was hacked and their entire user database was leaked, exposing tens of millions of Internet Archive users. Although some rumors circulated about this breach, no definitive proof was brought forward regarding how this breach happened, and what was the weakest link in Internet Archive’s security. Today, thousands of Internet Archive users with support tickets received a follow-up message revealing that an exposed API key was not properly rotated, allowing access to their support data. Bleeping Computer’s investigation confirmed that the initial access point was a GitLab access token found in a public configuration file. This token granted full access to Internet Archive's source code, where dozens of secrets were exposed. This included the support system API key that gave access to nearly 1 million tickets opened since 2018. This attack highlights how NHIs can be exploited at every stage - from initial access to lateral movement and privilege escalation within the organization." Tal demonstrated earlier this year how such attacks are performed in a live workshop. Watch it on-demand to learn more: https://lnkd.in/d85QJxN3

🎉 Astrix Wins SINET16 Innovator Award 2024! 🎉 We’re thrilled to announce that Astrix Security has been named a winner of the prestigious SINET16 Innovator Award! 🏆 Our team was onsite in New York to accept this incredible honor, recognizing Astrix’s leadership in Non-Human Identity Security. Out of 230 companies from 13 countries, Astrix was selected as one of the most innovative and compelling companies addressing Cybersecurity threats and vulnerabilities. Winners were chosen by a distinguished panel of 103 security professionals, including CISOs, risk executives, venture capitalists, investment bankers, and experts from government intelligence and defense agencies. We’re honored to be part of this incredible cohort. As a pioneer and leader in Non-Human Identity Security, we will continue our mission of closing critical blind spots in enterprise security. A huge thank you to SINET, the distinguished judges, Heather Rodriguez and Robert Rodriguez, for this incredible recognition! Congratulations to all the other winners: Aembit, BforeAI, BLACKBIRD.AI, BreachRx, ContraForce, Corsha, Descope, Eclypsium, Inc., HiddenLayer, Lumos, Nagomi Security, Protect AI, Query, Reality Defender and Savvy.

The Astrix team joined our partner GuidePoint Security and customers in SF for an amazing kickoff to Fleet Week 2024. Thank you Bryan Bollman, John Sarmenta, Abbi Demel, Piper Mauro, Isaac C. Liu, Carlos Olivera, Imran M., Brian Kennedy. To more great times together! 🥂🚢⚓