[TIMESTAMP: 2026-05-04 20:36 UTC] [AUTHOR: Runtime Rebel Intel] [SEVERITY: INFO]

Cisco Acquires Astrix: Tackling Non-Human Identity Risks for AI & Machines

AI-Assisted Analysis
// executive briefing tl;dr
  • [01] Immediate impact: Organizations face growing risks from unsecured non-human identities accessing cloud resources.
  • [02] Affected systems: Cloud infrastructure, SaaS applications, and AI/machine-to-machine interactions are vulnerable.
  • [03] Remediation: Implement robust non-human identity management to secure automated access.

Overview: Cisco’s Strategic Move for Identity-Centric Security

Cisco is set to acquire Astrix Security, a cybersecurity startup specializing in non-human identity management. This strategic acquisition, announced on May 2, 2024, is poised to bolster Cisco’s burgeoning identity-centric security portfolio, particularly in addressing the complex challenges associated with machine and AI access to critical resources. According to SecurityWeek, the move signifies a recognition of the escalating risks posed by the proliferation of non-human entities – such as service accounts, APIs, bots, and AI agents – interacting within modern cloud and hybrid environments.

The modern enterprise increasingly relies on automated processes, cloud-native applications, and artificial intelligence, leading to a surge in identities that are not associated with human users. These non-human identities require secure authentication, authorization, and continuous monitoring to prevent unauthorized access and potential compromise. Cisco’s integration of Astrix’s capabilities aims to provide organizations with enhanced visibility into these machine identities and their access privileges, facilitating a more robust security posture against emerging threats.

Technical Details: Understanding Non-Human Identity Risks in Cloud Environments

Non-human identities encompass a broad range of automated entities that perform tasks without direct human intervention. This includes:

  • Service Accounts: Used by applications or services to interact with operating systems or other applications.
  • API Keys/Tokens: Credentials used by applications to access APIs, often granting extensive permissions to cloud services.
  • Workload Identities: Identities assigned to cloud functions, containers, or virtual machines to interact with other cloud resources.
  • Robotic Process Automation (RPA) Bots: Software robots that automate repetitive tasks, often requiring access to multiple systems.
  • IoT Devices: Devices that connect to networks and often perform automated actions, necessitating their own identities.
  • AI Agents: Autonomous or semi-autonomous software entities that interact with systems based on AI models.

Each of these non-human identities represents a potential attack surface. Unlike human users, who are often subject to multi-factor authentication and behavioral analytics, non-human identities typically rely on static credentials or less dynamic authentication mechanisms. A compromise of such an identity can grant attackers direct access to sensitive data, enable lateral movement within a network, or facilitate privilege escalation. Threat actors, including sophisticated APT groups and financially motivated ransomware operators, are increasingly targeting these identities because they are so often overlooked. Poorly managed API keys or service accounts can lead to data breaches, and when they belong to third-party integrations they can become entry points for more elaborate supply chain attacks.

How to Secure Non-Human Identities in Cloud Environments

Effective management of non-human identities is crucial for maintaining a strong security posture in the cloud. Traditional Identity and Access Management (IAM) solutions, primarily designed for human users, often fall short in providing the granular control and continuous monitoring required for machine identities. This gap creates blind spots where over-privileged or dormant non-human accounts can persist, becoming high-value targets. The challenge lies in:

  • Discovery: Identifying all non-human identities across diverse cloud services and on-premise infrastructure.
  • Visibility: Understanding what each identity is, what permissions it has, and what resources it can access.
  • Context: Knowing why an identity needs specific access and whether that access is still necessary.
  • Lifecycle Management: Provisioning, de-provisioning, and rotating credentials securely.
  • Anomaly Detection: Monitoring the behavior of non-human identities to detect unusual activities that might indicate compromise.

Astrix Security’s technology is designed to address these challenges by providing comprehensive visibility into non-human identities, their permissions, and their actual usage patterns. This allows organizations to implement and enforce Zero Trust principles for automated workflows, ensuring that every machine-to-machine interaction is verified and least privilege is maintained.

Actionable Recommendations for Non-Human Identity Security

Organizations must proactively manage and secure their non-human identities to mitigate risks effectively. Implementing a robust non-human identity security program is essential, especially when dealing with advanced automated systems and AI integrations. Here are key recommendations:

  • Establish Comprehensive Inventory and Discovery: Continuously discover and maintain an up-to-date inventory of all non-human identities, including service accounts, API keys, managed identities, and cloud application access tokens across all environments. This includes understanding what each identity is and what it accesses.
  • Implement Least Privilege: Grant non-human identities only the minimum necessary permissions to perform their designated functions. Regularly review and revoke excessive privileges. Least privilege is foundational to limiting the risk from AI and machine access and from other automated-system compromises.
  • Enforce Secrets Management Best Practices: Utilize dedicated secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager, Azure Key Vault) to store, distribute, and rotate API keys and other credentials securely. Avoid embedding credentials directly in code or configuration files.
  • Monitor and Audit Activity: Implement logging and monitoring solutions to track the activities of non-human identities. Integrate these logs into a SIEM system for centralized analysis and alert generation. Treat anomalous behavior, unusual access patterns, or access from unexpected locations as potential indicators of compromise (IoCs).
  • Regularly Rotate Credentials: Establish policies for the periodic rotation of non-human identity credentials, especially for long-lived API keys and service accounts.
  • Leverage Cloud-Native IAM Features: Maximize the use of cloud provider identity features, such as IAM roles for service accounts and managed identities, which often provide more secure and dynamic credential management than static keys.
  • Implement Context-Aware Access Policies: Beyond static permissions, consider implementing policies that restrict access based on context, such as source IP, time of day, or originating application, to strengthen service principal security.
  • Integrate with EDR and Cloud Security Posture Management (CSPM) Tools: Ensure that non-human identity activity is factored into broader security monitoring, allowing for quick detection and response to potential compromises.
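
An added example, not part of the original article and not Cisco's or Astrix's code: a small audit that applies the least-privilege, rotation, monitoring and context-aware checks from the recommendations above to an inventory and access log. Every identity name, permission string, address and the 90/30-day thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

NOW = datetime(2026, 5, 4, tzinfo=timezone.utc)  # fixed so results are reproducible
# Constructed inventory: names, permissions and networks are made up.
INVENTORY = [
    {"name": "svc-billing-export", "kind": "service_account",
     "granted": {"storage:read", "storage:write", "iam:*"},
     "key_created": NOW - timedelta(days=400),
     "allowed_nets": ["10.20.0.0/16"]},
    {"name": "ci-deploy-token", "kind": "api_key",
     "granted": {"deploy:create"},
     "key_created": NOW - timedelta(days=12),
     "allowed_nets": ["10.30.0.0/24"]},
    {"name": "rpa-invoice-bot", "kind": "rpa_bot",
     "granted": {"erp:read"},
     "key_created": NOW - timedelta(days=200),
     "allowed_nets": ["10.40.0.0/24"]},
]
# Constructed access-log events: (identity, permission used, source IP, time)
EVENTS = [
    ("svc-billing-export", "storage:read", "10.20.4.7", NOW - timedelta(days=1)),
    ("svc-billing-export", "storage:read", "203.0.113.50", NOW - timedelta(hours=3)),
    ("ci-deploy-token", "deploy:create", "10.30.0.9", NOW - timedelta(days=2)),
]

def audit(inventory, events, now=NOW, max_key_age=90, dormant_after=30):
    """Return {identity: sorted findings}. Day thresholds are assumptions."""
    report = {}
    for ident in inventory:
        mine = [e for e in events if e[0] == ident["name"]]
        findings = set()
        if (now - ident["key_created"]).days > max_key_age:
            findings.add("rotation_overdue")          # long-lived static credential
        recent = [e for e in mine if (now - e[3]).days <= dormant_after]
        if not recent:
            findings.add("dormant")                   # candidate for de-provisioning
        unused = ident["granted"] - {e[1] for e in mine}
        if unused:                                    # granted but never exercised
            findings.add("unused_permissions:" + ",".join(sorted(unused)))
        if any(p.endswith("*") for p in ident["granted"]):
            findings.add("wildcard_permission")
        nets = [ip_network(n) for n in ident["allowed_nets"]]
        for e in mine:                                # context check on source IP
            if not any(ip_address(e[2]) in n for n in nets):
                findings.add("unexpected_source:" + e[2])
        report[ident["name"]] = sorted(findings)
    return report
```

In practice the inventory and events would come from cloud IAM exports and audit logs rather than inline literals.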

By prioritizing the security of non-human identities, organizations can significantly reduce their attack surface and protect critical cloud infrastructure from sophisticated threats targeting automated systems.
