Published on: January 15, 2025
SafetyDetectives recently spoke with Alon Jackson, Co-Founder and CEO of Astrix Security, to uncover the innovative approach his company takes toward managing and securing third-party integrations in SaaS ecosystems. Drawing on his experience in the Israeli 8200 unit and a deep understanding of cloud technologies, Alon shared how Astrix Security pioneers the protection of non-human identities (NHIs) in an increasingly interconnected and AI-driven world. In this interview, Alon discusses the origins of Astrix, its unique solutions for shadow integrations and compliance challenges, and the company’s vision for navigating the future of SaaS security.
Can you share your journey in founding Astrix Security and what inspired you to address the challenges of third-party integrations in SaaS platforms?
I kicked off my career in the Israeli 8200 unit, spending eight years leading cloud initiatives. It was there that I met my friend and future co-founder, Idan Gour. We started tossing around the idea of launching our own security company so after leaving the 8200 unit, we both took on professional roles to build up more experience. Then, we took a few months off to brainstorm, dive into the startup world, and explore the ideas at hand. During that time, we noticed that while there were plenty of tools for managing user access, there wasn’t a single solution focused on securing core connections like APIs and OAuth tokens. As we saw how interconnected everything was becoming—especially with the rise of AI—we knew we had found our opportunity. And that’s how Astrix Security was born.
What sets Astrix Security apart in the market when it comes to managing and securing third-party app integrations?
What makes Astrix Security stand out in the market is our laser focus on securing one of the most overlooked yet critical areas of security: non-human identities (NHIs). Since our launch in 2021, we’ve been pioneers in this space, even coining the term “non-human identities.” As AI has been on the rise, the proliferation of API keys, service accounts, and other NHIs has just exploded, making our work more essential and challenging than ever. For example, for every 1,000 employees we’ve found there are about 20,000 NHIs driving automation and innovation. Astrix is unique in offering enterprises comprehensive visibility and governance over these NHIs across environments, ensuring they remain secure as they scale.
Shadow integrations are a growing concern. Can you elaborate on the risks they pose and how Astrix helps organizations uncover and mitigate these threats?
Shadow integrations present significant risks – unauthorized access, data leaks and compliance issues – by introducing unmanaged and often unseen access points into an organization’s core systems. Astrix Security addresses these challenges by providing comprehensive visibility and security context for all AI-related access to critical environments, including Salesforce, M365, GitHub, and AWS.
The Astrix platform provides real-time discovery with a continuous inventory of all service accounts, secrets, IAM roles, and API keys linked to AI services, ensuring no access point goes unnoticed. Our tools offer detailed usage analysis and holistic visibility, helping organizations determine if a NHI is actively used, its connections, and how to safely rotate or remove it without disrupting operations. We also enable businesses to prioritize remediation by providing rich context on the services and resources an AI-related NHI can access (like S3, Git repos, or Slack channels), its permissions level (read, add, full access), and whether it’s used internally or externally. By uncovering these hidden integrations and offering actionable insights, Astrix empowers organizations to manage and secure their AI-driven environments effectively.
With the increasing complexity of SaaS ecosystems, how do you ensure that your platform scales effectively to meet the needs of businesses of all sizes?
In today’s threat landscape, businesses of all sizes face risks from NHIs. Astrix is designed to seamlessly scale across diverse environments—whether it’s IaaS, PaaS, SaaS, or on-premises systems—supporting corporate and production environments alike. Our platform covers a wide range of NHIs, including API keys, secrets, OAuth tokens, SSH keys, service accounts, webhooks, IAM roles, and certificates. What sets Astrix apart is our threat-driven approach, we’re the only NHI security solution equipped with advanced threat detection engines to identify anomalous behavior, policy deviations, and supply chain compromises. This ensures comprehensive protection that grows with the business, no matter the size or complexity.
Compliance and data privacy regulations are more demanding than ever. How does Astrix assist organizations in maintaining compliance while managing third-party integrations?
Astrix helps security leaders automate the discovery, monitoring, and protection of NHIs across all environments, including Salesforce and NetSuite. For instance, for financial institutions needing to comply with SOX requirements, Astrix allows companies to ensure financial data remains secure and untampered: Astrix provides continuous monitoring and anomaly detection for NHIs, automatically identifying abnormal behavior or unauthorized access attempts. Astrix confidently meets SOX compliance requirements, enforcing fine-grained access controls and applies automatic policy enforcement for NHIs, ensuring compliance with SOX by preventing unauthorized access to critical financial data and systems.
What do you see as the biggest trends or challenges in SaaS security over the next five years, and how is Astrix preparing to address them?
Agentic AI will be a main focus for all organizations. Gartner has predicted that by 2028, at least 15% of day-to-day work decisions will be made autonomously through agentic AI. With companies increasingly relying on these “virtual employees” to help support human workflows, the very definition of the “workforce” will change, forcing enterprises to rethink their existing identity and access management approaches.
We’ve seen it in the security headlines with high-profile cyberattacks due to NHIs being exploited, from Microsoft to Okta. With the rapid adoption of AI agents – software programs that enhance productivity by automating tasks – securing NHIs is becoming even more imperative.