Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.



Today, Enterprise app security startup Astrix Security emerged from stealth with a $15 million seed funding round led by Bessemer Venture Partners with an app integration access management solution designed to protect enterprises’ third-party apps. 

The announcement comes as the number of apps used in the workplace has skyrocketed, with the average number of apps used in a company increasing from 72 in 2016 to 88 in 2021 amid the COVID-19 pandemic, to the point where security teams struggle to maintain visibility over this infrastructure.

Astrix Security is attempting to address this challenge by providing enterprises and decision makers with a full integration lifecycle management solution they can use to automatically detect changes and anomalies within their-party integrations, and remediate them in real-time to protect against software supply chain attacks.

The security implications of app sprawl  

One of the biggest challenges raised by the user app sprawl that’s taken place in recent years is that many of these apps are third-party apps that aren’t directly managed by the security team, and pose significant security risks to the environment. 

Event

MetaBeat 2022

MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.

Register Here

For instance, research shows that 77% of flaws in third-party libraries remain unfixed after three months, and 44% of enterprises experience API security issues concerning privacy, data leakage, and object property exposure. 


In many ways, the volume of apps used in the workplace is too high for users and security teams to manage on an ad-hoc basis. 

“The rapid increase of everything-as-a-service and automation processes are encouraging companies and their end-users to continuously integrate third-parties into the fabric of the enterprise, reshaping the modern IT environment as we know it,” said Alon Jackson, CEO and coFounder of Astrix Security in an exclusive interview.  

“The result is a tangled web of app-to-app connectivity and a growing third-party attack surface, threatening to expose businesses’ most sensitive assets to supply chain attacks, data spillage, account takeover and compliance violations. For most companies, it’s not a matter of it, it’s a matter of when,” said Jackson. 

Astrix Security’s answer to this challenge is to provide security teams a complete inventory of third-party connections with risk visibility, threat detection, and remediation capabilities to detect redundant, misconfigured, or malicious third-party exposure of assets. 

Mitigating third-party risk 

The organization stands at the intersection of the fast growing third-party risk management market, valued at $2.85 billion in 2018 and expected to reach $8.18 billion by 2025, and the API security market, which researchers valued at $1.2 billion in 2018 and anticipate will reach $5.1 billion by 2023. 

Both these markets are in a state of growth as more enterprises look to mitigate third party risks users are exposed to in the environment. 

When it comes to securing third party services, one of Astrix Security’s closest competitors is ThreatX, which provides automated discovery of APIs, profiling, and greater visibility into security risks, and raised $10 million in funding last year to enhance its position in the web application security market.

Another competitor is Akamai with App & API Protector, a security solution for websites, applications, and APIs, that can automatically discover APIs and monitor them for malicious payloads, which announced $905 million in revenue in Q4 last year. 

However, Jackson believes that Astrix Security’s focus on API connections rather than APIs makes it stand out from other providers. “While companies doing API security are securing the APIs developed and owned by their customers, we focus on protecting integrations (API connections) not owned and developed by the enterprise itself and connected to the enterprise’s critical systems.” 

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.