Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

03:30 PM
Connect Directly

Startup Offering Secure Access to Corporate Apps Emerges from Stealth

Axis Security has raised $17 million in VC funding.

A new security-as-a-service (SaaS) startup officially launched today that provides end users with access to an organization's private applications while keeping them off the corporate network and application server as a way to help prevent endpoint-borne threats.

Axis Security, which had been operating in stealth mode, uses a cloud-based platform that doesn't use endpoint agents. It's currently geared for organizations integrating users in the wake of a merger and acquisition (M&A) or for third-party suppliers, such as consultants or other contractors, who need access to corporate apps, such as travel and logistics, for example.

Axis Security's emergence from stealth also comes amid a massive, global work-from-home movement underway by businesses and organizations in an effort to quell the spread of Coronavirus-19 (COVID-19). Company executives say the initial use of Axis's technology has been companies providing new users access to their internal apps in the wake of M&As, as well as for third-party suppliers and contractors, but the SaaS offering also applies to any work-from-home setup.

"We're not launching as a solution for that scenario," meaning as a COVID-19 work-from-home technology, says Tamir Hardof, chief marketing officer at Axis Security. But he admits that is likely to become an attractive option for its SaaS offering in the coming months as offices remain closed during the pandemic.

"Making it easier for enterprises to enable all users -- employees and non-employees -- in a highly managed and secure way is a very increasingly relevant story and solution today," he says.

The typical scenario for getting employees and contractors access to internal apps after an M&A can be manually configuring laptops and shipping them to users, he notes, and that is labor-intensive and time-consuming.

Axis Security's early customers who adopted the technology for getting their new M&A and third-party users access to private apps are now also facing the work-from-home shift in the current COVID-19 pandemic, he explains. "They are now asking us how we can help if they are closing offices" and using work-from-home for users, he says.

Axis Security, which was founded by Dor Knafo and Gil Azrielant, former members of the Israeli Defense Forces Unit 8200, has raised some $17 million in funding. Its investors are venture capital firm Cyberstarts, which includes backing from founders and entrepreneurs from Sequoia Capital, Palo Alto Networks, Check Point, and Imperva; Ten Eleven Ventures' Alex Doll; and individual investors Dan Amiga, founder of Fireglass, and Michael Fey, former president of Symantec and Blue Coat.

Axis Security's approach falls into the zero-trust realm. But unlike network-access, cloud-based security services like Zscaler Private Access, which sends traffic via Zscaler's network, Axis Security's Application Access Cloud is all about the application layer. "Zscaler utilizes an agent, whereas Axis does not. Zscaler offers a broader Web security portfolio ... whereas Axis is focused solely on secure application access," explains John Grady, cybersecurity analyst at Enterprise Strategy Group, who adds that many other vendors in this space have varying approaches that include using VPNs.

"Axis is starting with very specific use cases, which is still the predominant approach we see in this market: One of their customers has a massive network of third-party vendors and partners that require access to their systems and are utilizing Axis for that purpose. Another is using Axis to accelerate an acquired company's access to the acquirer's applications," he says. "I think a solution like Axis Security's can replace much of the functionality of a VPN solution down the line, but many organizations are starting smaller before advancing down that path."

Corporate VPNs increasingly have come under scrutiny for their potential for abuse and inadvertently give users too much access to corporate resources.

"The user is never part of the network and stays isolated from the network," explains Knafo, co-founder and CEO of Axis Security. For now, it's focused on providing access to internal applications, he says, but the company is working on adding access to other applications, including Google Hangouts, for example.

The end user accesses internal apps from any of their devices, and there's a management console for the IT and security teams to monitor and oversee user activity. "We actually operate at the application layer," explains Azrielant, co-founder and CTO of Axis Security. Users have an URL interface to the applications, he says, and software-based components from the corporate network communicate with Axis Security's cloud service and check user authenticity and policies.

Secure remote access is as crucial as ever, according to security experts. "Improving secure remote access has been top-of-mind for the last year or so I'd say, but I think that is going to accelerate with the current circumstances we're facing. So this was a market poised for growth a month ago, but it's even more important in today's environment," ESG's Grady says.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Beyond Burnout: What Is Cybersecurity Doing to Us?"

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: It's the latest version of antivirus.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-06-02
An issue was discovered in fastecdsa before 2.1.2. When using the NIST P-256 curve in the ECDSA implementation, the point at infinity is mishandled. This means that for an extreme value in k and s^-1, the signature verification fails even if the signature is correct. This behavior is not solely a us...
PUBLISHED: 2020-06-02
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call.
PUBLISHED: 2020-06-02
In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF.
PUBLISHED: 2020-06-02
In Joomla! before 3.9.19, lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" modules allows XSS.
PUBLISHED: 2020-06-02
In Joomla! before 3.9.19, incorrect input validation of the module tag option in com_modules allows XSS.