A new security-as-a-service (SaaS) startup officially launched today that provides end users with access to an organization's private applications while keeping them off the corporate network and application server as a way to help prevent endpoint-borne threats.
Axis Security, which had been operating in stealth mode, uses a cloud-based platform that doesn't use endpoint agents. It's currently geared for organizations integrating users in the wake of a merger and acquisition (M&A) or for third-party suppliers, such as consultants or other contractors, who need access to corporate apps, such as travel and logistics, for example.
Axis Security's emergence from stealth also comes amid a massive, global work-from-home movement underway by businesses and organizations in an effort to quell the spread of Coronavirus-19 (COVID-19). Company executives say the initial use of Axis's technology has been companies providing new users access to their internal apps in the wake of M&As, as well as for third-party suppliers and contractors, but the SaaS offering also applies to any work-from-home setup.
"We're not launching as a solution for that scenario," meaning as a COVID-19 work-from-home technology, says Tamir Hardof, chief marketing officer at Axis Security. But he admits that is likely to become an attractive option for its SaaS offering in the coming months as offices remain closed during the pandemic.
"Making it easier for enterprises to enable all users -- employees and non-employees -- in a highly managed and secure way is a very increasingly relevant story and solution today," he says.
The typical scenario for getting employees and contractors access to internal apps after an M&A can be manually configuring laptops and shipping them to users, he notes, and that is labor-intensive and time-consuming.
Axis Security's early customers who adopted the technology for getting their new M&A and third-party users access to private apps are now also facing the work-from-home shift in the current COVID-19 pandemic, he explains. "They are now asking us how we can help if they are closing offices" and using work-from-home for users, he says.
Axis Security, which was founded by Dor Knafo and Gil Azrielant, former members of the Israeli Defense Forces Unit 8200, has raised some $17 million in funding. Its investors are venture capital firm Cyberstarts, which includes backing from founders and entrepreneurs from Sequoia Capital, Palo Alto Networks, Check Point, and Imperva; Ten Eleven Ventures' Alex Doll; and individual investors Dan Amiga, founder of Fireglass, and Michael Fey, former president of Symantec and Blue Coat.
Axis Security's approach falls into the zero-trust realm. But unlike network-access, cloud-based security services like Zscaler Private Access, which sends traffic via Zscaler's network, Axis Security's Application Access Cloud is all about the application layer. "Zscaler utilizes an agent, whereas Axis does not. Zscaler offers a broader Web security portfolio ... whereas Axis is focused solely on secure application access," explains John Grady, cybersecurity analyst at Enterprise Strategy Group, who adds that many other vendors in this space have varying approaches that include using VPNs.
"Axis is starting with very specific use cases, which is still the predominant approach we see in this market: One of their customers has a massive network of third-party vendors and partners that require access to their systems and are utilizing Axis for that purpose. Another is using Axis to accelerate an acquired company's access to the acquirer's applications," he says. "I think a solution like Axis Security's can replace much of the functionality of a VPN solution down the line, but many organizations are starting smaller before advancing down that path."
Corporate VPNs increasingly have come under scrutiny for their potential for abuse and inadvertently give users too much access to corporate resources.
"The user is never part of the network and stays isolated from the network," explains Knafo, co-founder and CEO of Axis Security. For now, it's focused on providing access to internal applications, he says, but the company is working on adding access to other applications, including Google Hangouts, for example.
The end user accesses internal apps from any of their devices, and there's a management console for the IT and security teams to monitor and oversee user activity. "We actually operate at the application layer," explains Azrielant, co-founder and CTO of Axis Security. Users have an URL interface to the applications, he says, and software-based components from the corporate network communicate with Axis Security's cloud service and check user authenticity and policies.
Secure remote access is as crucial as ever, according to security experts. "Improving secure remote access has been top-of-mind for the last year or so I'd say, but I think that is going to accelerate with the current circumstances we're facing. So this was a market poised for growth a month ago, but it's even more important in today's environment," ESG's Grady says.
- Planning a Zero-Trust Initiative? Here's How to Prioritize
- IT Careers: Tech Drives Constant Change
- 7 Cloud Attack Techniques You Should Worry About
- Security Lessons We've Learned (So Far) from COVID-19
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"