web analytics

Bridging the NHI security gap: Astrix and Torq partner up – Source: securityboulevard.com

bridging-the-nhi-security-gap:-astrix-and-torq-partner-up-–-source:-securityboulevard.com
Rate this post

Source: securityboulevard.com – Author: Danielle Guetta

While zero-trust policies and identity-centric programs excel at protecting user identities and login credentials with IAM policies and security tools like MFA or IP restrictions, non-human identities (NHIs) like API keys, OAuth apps, service accounts, and secrets often lack visibility, monitoring, and governance. This gap has not gone unnoticed by attackers.

Astrix Security stepped in as the first solution to fill this gap, and we are thrilled to announce our partnership with Torq, making it easier than ever to manage, secure, and remediate NHI risks seamlessly within your SOC automation processes.

Simplifying NHI security with Astrix and Torq

By integrating Torq with Astrix, security teams can automate identifying and responding to anomalies, excessive permissions, unused credentials, and non-rotated non-human identities through streamlined workflows. This integration helps eliminate silos, allowing teams to operationalize Astrix effortlessly within their existing Torq setup.

Automated response and remediation

Astrix brings behavioral analysis, typically used for human identities, to non-human identities – enabling real-time detection of unusual activities. To that extent, Torq allows customers to respond automatically using remediation playbooks driven by preset logic, allowing immediate threat responses without switching between different tools.

Posture management and risky integrations

Unused permissions, risky connections, and unrotated tokens increase your NHI attack surface. Using Astrix and Torq, customers can customize rules to detect unused, overly permissive, and malicious NHI access. These rules are converted into automated playbooks through Torq, ensuring continuous reduction of attack surfaces by removing risky access and non-rotated tokens.

Enhanced change management

Astrix and Torq enhance change management for non-human identities by automating data flows and remediation tasks. When Astrix detects a high-risk NHI event, it feeds this information into Torq, which then creates a ticket in workflow management systems like Jira or ServiceNow. Torq’s automation capabilities then trigger specific playbooks to handle these changes, such as decommissioning NHIs. This automation minimizes manual intervention, ensuring swift and accurate updates and reducing potential errors.

Enter the era of security hyper-automation

The integration of Astrix and Torq transforms how security teams manage non-human identities. This partnership simplifies complex processes and reduces the burden on security teams by automating the detection and response to unusual activities and poorly managed permissions.

Ready to see it in action? Request a demo.

The post Bridging the NHI security gap: Astrix and Torq partner up appeared first on Astrix Security.

*** This is a Security Bloggers Network syndicated blog from Astrix Security authored by Danielle Guetta. Read the original post at: https://astrix.security/bridging-the-nhi-security-gap-astrix-and-torq-partner-up/

Original Post URL: https://securityboulevard.com/2024/05/bridging-the-nhi-security-gap-astrix-and-torq-partner-up/

Category & Tags: Security Bloggers Network,Blog – Security Bloggers Network,Blog

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
National Cyber Security
Cyber Security Toolkit for Boards – Helping board members to get to grips with cyber security by NCSC
Cyber Security Toolkit for Boards...
WILEY
Cybercrime Investigators Handbook by WILEY
Cybercrime Investigators Handbook by WILEY
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI...
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes...
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data...
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central...
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective...
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board

More Latest Published Posts

UK HM Government
National Cyber Strategy 2022
National Cyber Strategy 2022
NSA
NSA Network Infrastructure Security Guide
NSA Network Infrastructure Security Guide
NIST
NIST Policy Template Guide
NIST Policy Template Guide
Thecyphere
Malware prevention tips for businesses
Malware prevention tips for businesses
ministry of security
MERGERS AND ACQUISITIONS
MERGERS AND ACQUISITIONS
THE LINUX FUNDATION
Linux Privilege Escalation
Linux Privilege Escalation
LogRhythm
How to build a SOC with limited resources
How to build a SOC with limited resources
Kubernetes
Kubernetes and Cloud Native Associate (KCNA) Study Guide
Kubernetes and Cloud Native Associate (KCNA) Study Guide
Australian Government
Management structures and responsibilities
Management structures and responsibilities
Hacker Combat
How are Passwords Cracked ? by Hacker Combat.
How are Passwords Cracked ? by Hacker Combat.
N/A
Security Metrics & KPIs for Measuring SOC Success – Measure Up: How SOC Metrics Elevate Your Security Posture.
Security Metrics & KPIs for Measuring SOC Success – Measure Up: How SOC Metrics Elevate Your Security Posture.
Sectrio
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
The Global OT & IoT Threat Landscape Assessment and Analysis rEPORT 2024 by Sectrio Threat Research Lab Initiative.
ISA SECURE
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components
The Case for ISA/IEC 62443Security Level 2 as a Minimumfor COTS Components
Huntress
2024 Cyber Threat Report
2024 Cyber Threat Report
NACD - Intenet Security Alliance
2023 Director’s Handbook on Cyber-risk Oversight
2023 Director’s Handbook on Cyber-risk Oversight
Devoteam
14 Cybersecurity Trends for 2024
14 Cybersecurity Trends for 2024
IGNITE Technologies
MEMORY FORENSICS VOLATILITY
MEMORY FORENSICS VOLATILITY
CAREER UP
7 Steps to your SOC Analyst Career
7 Steps to your SOC Analyst Career
National Cyber Security Centrum
Managing Insider Threats
Managing Insider Threats
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy Learning
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes