Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

03:30 PM
Connect Directly

Startup Offering Secure Access to Corporate Apps Emerges from Stealth

Axis Security has raised $17 million in VC funding.

A new security-as-a-service (SaaS) startup officially launched today that provides end users with access to an organization's private applications while keeping them off the corporate network and application server as a way to help prevent endpoint-borne threats.

Axis Security, which had been operating in stealth mode, uses a cloud-based platform that doesn't use endpoint agents. It's currently geared for organizations integrating users in the wake of a merger and acquisition (M&A) or for third-party suppliers, such as consultants or other contractors, who need access to corporate apps, such as travel and logistics, for example.

Axis Security's emergence from stealth also comes amid a massive, global work-from-home movement underway by businesses and organizations in an effort to quell the spread of Coronavirus-19 (COVID-19). Company executives say the initial use of Axis's technology has been companies providing new users access to their internal apps in the wake of M&As, as well as for third-party suppliers and contractors, but the SaaS offering also applies to any work-from-home setup.

"We're not launching as a solution for that scenario," meaning as a COVID-19 work-from-home technology, says Tamir Hardof, chief marketing officer at Axis Security. But he admits that is likely to become an attractive option for its SaaS offering in the coming months as offices remain closed during the pandemic.

"Making it easier for enterprises to enable all users -- employees and non-employees -- in a highly managed and secure way is a very increasingly relevant story and solution today," he says.

The typical scenario for getting employees and contractors access to internal apps after an M&A can be manually configuring laptops and shipping them to users, he notes, and that is labor-intensive and time-consuming.

Axis Security's early customers who adopted the technology for getting their new M&A and third-party users access to private apps are now also facing the work-from-home shift in the current COVID-19 pandemic, he explains. "They are now asking us how we can help if they are closing offices" and using work-from-home for users, he says.

Axis Security, which was founded by Dor Knafo and Gil Azrielant, former members of the Israeli Defense Forces Unit 8200, has raised some $17 million in funding. Its investors are venture capital firm Cyberstarts, which includes backing from founders and entrepreneurs from Sequoia Capital, Palo Alto Networks, Check Point, and Imperva; Ten Eleven Ventures' Alex Doll; and individual investors Dan Amiga, founder of Fireglass, and Michael Fey, former president of Symantec and Blue Coat.

Axis Security's approach falls into the zero-trust realm. But unlike network-access, cloud-based security services like Zscaler Private Access, which sends traffic via Zscaler's network, Axis Security's Application Access Cloud is all about the application layer. "Zscaler utilizes an agent, whereas Axis does not. Zscaler offers a broader Web security portfolio ... whereas Axis is focused solely on secure application access," explains John Grady, cybersecurity analyst at Enterprise Strategy Group, who adds that many other vendors in this space have varying approaches that include using VPNs.

"Axis is starting with very specific use cases, which is still the predominant approach we see in this market: One of their customers has a massive network of third-party vendors and partners that require access to their systems and are utilizing Axis for that purpose. Another is using Axis to accelerate an acquired company's access to the acquirer's applications," he says. "I think a solution like Axis Security's can replace much of the functionality of a VPN solution down the line, but many organizations are starting smaller before advancing down that path."

Corporate VPNs increasingly have come under scrutiny for their potential for abuse and inadvertently give users too much access to corporate resources.

"The user is never part of the network and stays isolated from the network," explains Knafo, co-founder and CEO of Axis Security. For now, it's focused on providing access to internal applications, he says, but the company is working on adding access to other applications, including Google Hangouts, for example.

The end user accesses internal apps from any of their devices, and there's a management console for the IT and security teams to monitor and oversee user activity. "We actually operate at the application layer," explains Azrielant, co-founder and CTO of Axis Security. Users have an URL interface to the applications, he says, and software-based components from the corporate network communicate with Axis Security's cloud service and check user authenticity and policies.

Secure remote access is as crucial as ever, according to security experts. "Improving secure remote access has been top-of-mind for the last year or so I'd say, but I think that is going to accelerate with the current circumstances we're facing. So this was a market poised for growth a month ago, but it's even more important in today's environment," ESG's Grady says.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Inside North Korea's Rapid Evolution to Cyber Superpower
Kelly Sheridan, Staff Editor, Dark Reading,  12/1/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-12-04
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the...
PUBLISHED: 2020-12-04
Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE...
PUBLISHED: 2020-12-04
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.
PUBLISHED: 2020-12-04
hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address.
PUBLISHED: 2020-12-04
An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception.