Spring 2025 Product Updates: What’s New at Astra Security

Updated: April 16th, 2025

Dev teams work in sprints. Security threats don’t. As code moves fast and releases ship daily, security often plays catch-up. Not because teams do not care, but because most tools are not actually designed for modern teams.

Result? There is a long list of unresolved issues. A lot of alerts. Limited visibility. And in the rush to ship, security still gets treated as a blocker instead of a baseline. Meanwhile, the risk keeps growing. 

The average cost of a cyber attack on cloud applications has crossed $5.1 million per event. API data breaches are up 80% year-on-year. The number of compromised records? A shocking 214% increase. This is the tension modern businesses live with: agile development on one hand, expanding attack surfaces on the other.

At Astra Security, we are changing the conversation. Security should run independently, should always be on, and should be compatible with how your team works – it should not slow you down. This spring, we are rolling out major platform updates designed to reduce the noise, streamline workflows, and give you strong coverage without compromising on speed or innovation.

1. Inside Astra’s API Security Platform (currently in Beta)

Cloud Mirroring Integrations for AWS and GCP

The Problem

Security teams often cannot see live API traffic while keeping existing services intact. Monitoring with agents and injecting SDKs creates problems, especially in production environments and with third-party APIs.

The Solution

Two exciting new features add flexibility and ease in handling API traffic:

  • Cloud Mirroring for AWS & GCP: You can now mirror HTTP traffic from AWS and GCP environments, thanks to the underlying VPC and packet mirroring features. This allows you to look at network requests and API activity as they occur, without changing code or disrupting your services.
  • Proxy-based Instrumentation: Using our custom MITM proxy setup, you can get API traces from tools like Postman, Burp Suite, or curl. Each trace you collect follows an OpenTelemetry-compliant format. In addition, our domain-based filtering option cuts the extra noise so that you can focus on the traffic that matters the most.

The Impact

These enhancements give security and QA teams more visibility and control over API traffic without adding complexity to the development pipeline. Whether in automated scans or manual testing workflows, you can now detect requests accurately, spot weaknesses quickly, and ensure better coverage across environments – cloud or otherwise.

Proxy-Based Instrumentation (Ingress + Sidecar Support)

The Problem

Traffic mirroring isn’t possible in many Kubernetes or hybrid cloud environments. This left teams with limited visibility into east-west traffic or internal services not exposed to the internet.

The Solution

OrbitX now supports proxy-based instrumentation using both ingress and sidecar proxy models. This includes native support for Istio and Envoy, allowing passive traffic capture with no code changes.

The Impact

Security and DevOps teams can now deploy OrbitX in previously unsupported environments, including air-gapped setups, and monitor internal API traffic with complete control over interception points.

Azure Functions Integration

The Problem

Serverless architectures, especially the ones built on Azure Functions, often fall outside conventional security monitoring workflows. With limited instrumentation options, teams struggled to gain visibility into how these APIs behave in real time, leaving gaps in their security posture.

The Solution

OrbitX now offers native integration with Azure Functions, leveraging an OpenTelemetry-based SDK to monitor and analyze API activity seamlessly. This enables real-time request monitoring and stronger security insights, all without disrupting your serverless workflows.

The Impact

Teams that use Azure Functions can now achieve full API visibility and threat detection with minimal setup. It’s a real breakthrough in securing modern serverless environments without adding operational overhead.

Kong Gateway Integration

The Problem

Companies that occasionally use Kong as an API gateway don’t have enough security visibility. Manually synchronizing traffic paths and API configurations across several environments caused persistent blind spots that were challenging to remove.

The Solution 

OrbitX connects easily with Kong Gateway and supports both the Enterprise and Open Source (OSS) versions. Ingesting web traffic through proxy capture or OrbitX plugins is simple. Additionally, OrbitX offers comprehensive API discovery through Kong’s Admin API.

The Impact

Security teams can now align gateway configurations with discovery and monitoring activities. Security operations run more smoothly and effectively thanks to automatic, continuous monitoring of the APIs behind Kong, which doesn’t require any extra deployment work.

2. What’s new with OrbitX?

Native Vanta Integration

The Problem

During compliance audits (SOC 2, HIPAA, ISO 27001), teams often rush to produce up-to-date pentest results. Without automation, they had to export reports manually, which resulted in delays and inaccuracies.

The Solution

OrbitX is now integrated with the Vanta Marketplace. Users can send pentest results, vulnerability statuses, and compliance evidence directly into Vanta, which also helps map issues to compliance controls.

The Impact

Users can now sync their security data with Vanta straight from the Astra dashboard, simplifying compliance processes and reducing the manual work required to prepare for audits.

Bulk Actions for Vulnerability Statuses

The Problem

Managing a large volume of vulnerabilities was time-consuming. Users had to update statuses individually, even when several findings were related to the same root cause, slowing down triage and remediation, especially after extensive scans.

The Solution

The OrbitX interface now allows bulk updates, enabling users to select multiple vulnerabilities and update their statuses in a single flow.

The Impact

This dramatically reduces AppSec teams’ triage time, allowing faster response during coordinated remediation efforts, especially after large scans or pentests.

Scan Rule Exclusion Controls

The Problem

Previously, users had limited ability to exclude specific routes or URLs when scanning API and cloud assets. While web targets allowed this level of customization, API and cloud targets lacked parity, resulting in noisy results and unnecessary testing.

The Solution

You can now exclude specific URLs directly from the target settings page for both API and cloud assets, just as you can for web targets. This provides more control and consistency in scans across environments.

The Impact

Security teams can fine-tune the scope of scanning to reduce noise for API and cloud assets, reduce false positives, and align with real-world risks. It is a simple but powerful update that brings much-needed precision to a broader range of target types.

“Test Connectivity” Feature in Scan Setup

The Problem

Connectivity issues like unreachable URLs, network rules, or misconfigured authentication regularly caused scans to fail unexpectedly. These issues were discovered only after setup, leading to frustration and wasted time.

The Solution

We’ve introduced a “Test Connectivity” button in the target setup workflow. Before launching a scan, users can now confirm whether the target URL is reachable from Astra’s infrastructure, giving them a chance to catch potential problems early.

The Impact

This small but powerful feature helps prevent failed scans, improves onboarding accuracy, and saves valuable time by allowing users to validate connectivity in advance, right from the setup screen.

Other Key Improvements

Target Navigation Improvements

Clicking on a subscription now takes you directly to the related target, eliminating unnecessary navigation steps and speeding up daily tasks.

Rescan Countdown Timer

A countdown timer for vulnerability rescans was added to improve team coordination during remediation and validation.

Time-Based Filters for Vulnerabilities

Users can also filter vulnerabilities by discovery or reporting date, making it easy to review new and old results.

Improved Mobile App Onboarding Flow

Mobile app onboarding for Android and iOS has been revamped with step-by-step guidance for real-world device testing and instrumentation.

Custom Header Management in UI

Users can now add or change authorization headers directly in the UI, preventing scan failures caused by expired or missing tokens.

Recurring Pentest Scheduling

OrbitX now allows teams to schedule recurring quarterly or annual pentests directly, which improves compliance workflows and budget alignment.

Looking Ahead

While this Spring’s updates move us closer to our vision of seamless, continuous security, there’s much more on the way.

In the coming months, we are working to improve how teams consume and act on insights, such as more intuitive reporting formats targeted to different personas, deeper lightning scans that uncover threats faster, and a better DAST engine that incrementally learns where to search. We’re also making collaboration easier with planned features like bi-directional JIRA sync and improved compliance visibility included in the dashboard.

Our Trust Center experience will also be improved to make security posture sharing easier and more engaging for users. For those looking to start immediately, fully self-service cloud scanning for AWS, GCP, and Azure is just around the corner.

As always, we strive for robust and practical security – something your team can trust, embrace, and scale.
