Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

3/17/2020
03:30 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Startup Offering Secure Access to Corporate Apps Emerges from Stealth

Axis Security has raised $17 million in VC funding.

A new security-as-a-service (SaaS) startup officially launched today that provides end users with access to an organization's private applications while keeping them off the corporate network and application server as a way to help prevent endpoint-borne threats.

Axis Security, which had been operating in stealth mode, uses a cloud-based platform that doesn't use endpoint agents. It's currently geared for organizations integrating users in the wake of a merger and acquisition (M&A) or for third-party suppliers, such as consultants or other contractors, who need access to corporate apps, such as travel and logistics, for example.

Axis Security's emergence from stealth also comes amid a massive, global work-from-home movement underway by businesses and organizations in an effort to quell the spread of Coronavirus-19 (COVID-19). Company executives say the initial use of Axis's technology has been companies providing new users access to their internal apps in the wake of M&As, as well as for third-party suppliers and contractors, but the SaaS offering also applies to any work-from-home setup.

"We're not launching as a solution for that scenario," meaning as a COVID-19 work-from-home technology, says Tamir Hardof, chief marketing officer at Axis Security. But he admits that is likely to become an attractive option for its SaaS offering in the coming months as offices remain closed during the pandemic.

"Making it easier for enterprises to enable all users -- employees and non-employees -- in a highly managed and secure way is a very increasingly relevant story and solution today," he says.

The typical scenario for getting employees and contractors access to internal apps after an M&A can be manually configuring laptops and shipping them to users, he notes, and that is labor-intensive and time-consuming.

Axis Security's early customers who adopted the technology for getting their new M&A and third-party users access to private apps are now also facing the work-from-home shift in the current COVID-19 pandemic, he explains. "They are now asking us how we can help if they are closing offices" and using work-from-home for users, he says.

Axis Security, which was founded by Dor Knafo and Gil Azrielant, former members of the Israeli Defense Forces Unit 8200, has raised some $17 million in funding. Its investors are venture capital firm Cyberstarts, which includes backing from founders and entrepreneurs from Sequoia Capital, Palo Alto Networks, Check Point, and Imperva; Ten Eleven Ventures' Alex Doll; and individual investors Dan Amiga, founder of Fireglass, and Michael Fey, former president of Symantec and Blue Coat.

Axis Security's approach falls into the zero-trust realm. But unlike network-access, cloud-based security services like Zscaler Private Access, which sends traffic via Zscaler's network, Axis Security's Application Access Cloud is all about the application layer. "Zscaler utilizes an agent, whereas Axis does not. Zscaler offers a broader Web security portfolio ... whereas Axis is focused solely on secure application access," explains John Grady, cybersecurity analyst at Enterprise Strategy Group, who adds that many other vendors in this space have varying approaches that include using VPNs.

"Axis is starting with very specific use cases, which is still the predominant approach we see in this market: One of their customers has a massive network of third-party vendors and partners that require access to their systems and are utilizing Axis for that purpose. Another is using Axis to accelerate an acquired company's access to the acquirer's applications," he says. "I think a solution like Axis Security's can replace much of the functionality of a VPN solution down the line, but many organizations are starting smaller before advancing down that path."

Corporate VPNs increasingly have come under scrutiny for their potential for abuse and inadvertently give users too much access to corporate resources.

"The user is never part of the network and stays isolated from the network," explains Knafo, co-founder and CEO of Axis Security. For now, it's focused on providing access to internal applications, he says, but the company is working on adding access to other applications, including Google Hangouts, for example.

The end user accesses internal apps from any of their devices, and there's a management console for the IT and security teams to monitor and oversee user activity. "We actually operate at the application layer," explains Azrielant, co-founder and CTO of Axis Security. Users have an URL interface to the applications, he says, and software-based components from the corporate network communicate with Axis Security's cloud service and check user authenticity and policies.

Secure remote access is as crucial as ever, according to security experts. "Improving secure remote access has been top-of-mind for the last year or so I'd say, but I think that is going to accelerate with the current circumstances we're facing. So this was a market poised for growth a month ago, but it's even more important in today's environment," ESG's Grady says.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"

 
Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4719
PUBLISHED: 2020-09-24
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2020-15604
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-24560
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...