Astrix Security Raises $25M to Protect Nonhuman IdentitiesCash Will Allow Astrix to Bring Threat Detection, Secure Access to Third-Party Apps
A finalist at this year's RSA Conference Innovation Sandbox contest landed Series A funding to more effectively detect threats and secure access for nonhuman identities.
New York-based Astrix Security said the $25 million will enable it to expand from managing access for nonhuman identities to understanding threats to services and applications and helping third-party applications securely connect to CRM or email systems, said co-founder and CEO Alon Jackson. The investment round was led by VC firm CRV and brings Astrix's total funding to almost $40 million.
"Investors have been working very, very hard to pinpoint the seed investments they want to double down on," Jackson told Information Security Media Group. "We're getting the opening fundraising from this new Series A wave."
The Need for Machine Identity Protection
Fortune 200 companies have been forced to spend hundreds of engineering and DevOps hours building homegrown tools to help with safeguarding nonhuman identities, given the lack of suitable offerings in the market, Jackson said. Managing, analyzing and getting real-time insights on nonhuman identities requires a completely different tech stack given the velocity and intensity of how applications behave (see: Robust Identity Protection Isn't Just for Employees Anymore).
"Machines are supposed to behave like machines. They're supposed to do the same task over and over again," Jackson said. "So, in some aspects, it's understanding that the machine is risky if it's behaving differently or suspiciously."
Customers increasingly rely on Astrix's technology to manage AI tools and machines while, at the same time, the company taps into generative AI for better threat and anomaly detection, Jackson said. The generative AI craze has brought a new generation of applications and tools into customer environments, which in turn has increased the importance of the work Astrix does, according to Jackson.
"Machines are outnumbering humans," Jackson said. "We need something to enable us to manage that."
Why Astrix Beats Third-Party Risk Management Tools
Astrix plans to double its 30-person workforce over the next year, with engineering and sales comprising the bulk of the new hires, Jackson said. The company has gained traction with cloud-first Fortune 1000 organizations in areas such as fintech given the effort and resources businesses need to control which nonhuman identities can access the enterprise, according to Jackson.
The company competes most frequently against legacy identity tools such as SailPoint and Saviynt as well as third-party risk management offerings that provide vendor security scores or ratings, he said. Instead of providing a security score, Astrix looks at third-party risk in terms of exposure and provides an exposure score for every new application or service that is being adopted to better understand risk, Jackson said.
"The machine is risky if it's behaving differently or suspiciously."
– Alon Jackson, co-founder and CEO, Astrix
From a metrics standpoint, Jackson said, Astrix plans to closely track annual recurring revenue to better understand how fast and easy new customer adoption is. Outside of that, Astrix plans to track customer satisfaction, customer endorsements, net promoter scores, ease of deployment and time to value to ensure customers can be up and running in minutes as the product gets more complex and full-featured.
"The landscape of third parties is changing and increasing dramatically for every enterprise," Jackson said. "Looking at things from an identity-centric perspective is how we believe we can fundamentally solve the problem rather than just a specific symptom."