Astrix Security Ltd., a startup helping enterprises detect insecure applications with access to their internal data, has raised $25 million in funding.

The startup detailed in its announcement of the round today that CRV was the lead investor. Bessemer Venture Partners and F2 Venture Capital also contributed to the round, which is described as a Series A investment. Astrix has raised nearly $40 million since launch.

Companies often integrate their systems with third-party cloud services to support users’ work. A retailer, for example, might connect two inventory tracking tools with one another to sync product availability data. Each third-party application that integrates with a company’s systems can either change those systems or access the data they contain, which makes it a potential cybersecurity risk.

New York-based Astrix provides a cloud platform that can map out all the applications connected to a company’s systems and identify risks. The platform detects, among other threats, malicious applications with names spelled similarly to legitimate services. Business users are sometimes tricked into connecting such malicious applications to their company’s infrastructure.

Astrix also highlights legitimate services that may pose cybersecurity risks. The startup’s platform can, for example, point out if a revenue forecasting tool integrated with a company’s sales database has a known software vulnerability. Astrix also spots third-party applications that can access more data in a company’s internal systems than strictly necessary.

Unused integrations are flagged as well. The more applications are connected to a sensitive internal system, the more potential attack vectors are available for hackers. Removing unused integrations reduces the attack surface.

Before a third-party application can access a company’s internal systems, it must provide a so-called access token. This is a piece of code that functions as a password. It describes what systems or data a third-party application is allowed to use and for how long.

If hackers steal a legitimate application’s access token, they can potentially log into the systems with which the application is integrated. To address that risk, Astrix’s platform tracks every access token generated in a company’s technology environment. The platform uses behavioral analysis techniques to detect signs of misuse.

In a large company where employees may use hundreds of third-party applications, manually addressing every potential security issue is often impractical. To ease administrators’ work, Astrix provides a tool that automates the risk remediation workflow.

Administrators can use the tool to create workflows that automatically take action in response to potential cybersecurity issues. A workflow can, for example, detect when business users connect a vulnerable third-party application to a system and generate an alert. Administrators can customize what actions are taken and under what conditions through a no-code interface.

“We founded Astrix to close a significant and unaddressed security gap, by allowing security teams to extend access management and threat detection to the non-human identity layer,” said co-founder and Chief Executive Officer Alon Jackson. 

Astrix launched in 2021. Since then, it has built up a customer base that it says includes major tech firms such as Figma Inc. and Booking Holdings Inc.’s Priceline.com unit. It further claims to be experiencing “exponential year-over-year growth” but didn’t disclose absolute sales numbers.

The startup will use its newly closed funding round to hire more employees. 

Image: Astrix Security