Investors are increasingly turning their attention towards startups that focus on governing and mitigating the risk associated with non-human identities (NHIs). Following the headline-grabbing incident where industrial automation giant Schneider Electric fell victim to a ransomware attack by the Hellcat gang, it became evident that NHIs are vulnerable points in the cybersecurity landscape.
NHIs, which include machine identities used for authenticating machine-to-machine communications, have recently become a popular target for cyber attackers due to the lack of centralized management by many organizations. This has led to a surge in funding for startups like Astrix Security, which secured $45 million in Series B funding, bringing its total funding to $85 million since its founding in 2021.
Astrix Security, known for developing the NHI term, offers a suite of identity security posture management (ISPM) tools that focus on NHI threat detection, response, life cycle management, auto-remediation, and secrets scanning. The platform aims to address the numerous issues associated with NHIs, such as unencrypted credentials, lack of inventory of NHI accounts, inactive accounts, and the absence of account ownership.
With the exponential growth of cloud-native applications, IoT infrastructure, and AI-based automation, NHIs have become an increasingly alarming threat. The Cloud Security Alliance (CSA) conducted a survey of over 800 security and IT professionals, revealing that 24% plan to invest in NHI security in the next six months, while 36% intend to do so within a year.
The incidents tied to compromised NHIs have been on the rise, with notable breaches including attacks on Microsoft’s Midnight Blizzard, Snowflake, GitHub, and Hugging Face open-source repository. As the risk from compromised NHIs continues to grow, experts anticipate an increase in the proportion of NHIs to human identities, with industry estimates suggesting a current ratio of 50:1.
To address the evolving threat landscape posed by NHIs, there has been a surge in M&A activity within the cybersecurity sector. Cybersecurity providers are increasingly adding NHI protection capabilities to their offerings, with companies like CyberArk acquiring machine identity management provider Venafi for $1.54 billion. The growing importance of managing NHIs securely has prompted companies like GitGuardian to launch NHI governance solutions, aiming to provide visibility and control over the life cycles of NHIs and their associated secrets.
Looking ahead, experts predict that the focus on NHI security will continue to grow, with a shift towards comprehensive products that address both human and non-human identities. The market is still in the early stages of development, with many players being startups, but more acquisitions and platform support are expected to emerge in 2025 to manage the evolving threat landscape related to NHIs.