{"id":38442,"date":"2025-04-16T13:05:14","date_gmt":"2025-04-16T07:35:14","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=38442"},"modified":"2026-01-13T00:01:50","modified_gmt":"2026-01-12T18:31:50","slug":"spring-2026-product-updates-whats-new-at-astra-security","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/astra-product\/spring-2026-product-updates-whats-new-at-astra-security\/","title":{"rendered":"Spring 2025 Product Updates: What\u2019s New at Astra Security"},"content":{"rendered":"\n

Dev teams work in sprints. Security threats don\u2019t. As the code runs fast and releases the ship daily, security often plays catch-up. Not because the teams do not care, but because most of the tools are not actually designed for modern teams. <\/p>\n\n\n\n

Result? There is a long list of unresolved issues. A lot of alerts. Limited visibility. And in the rush to ship, security still gets treated as a blocker instead of a baseline. Meanwhile, the risk keeps growing. <\/p>\n\n\n\n

The average cost of a cyber attack on cloud applications has crossed $ 5.1 million per event<\/a>. API data violation is 80% year-on-year<\/a>. Number of compromised records? A shocking 214% increase. This is the tension modern businesses live with: agile development on one hand, expanding attack surfaces on the other.<\/p>\n\n\n\n

 At Astra Security, we are changing the conversation. Security should run independently, should always be on, and should be compatible with how your team works – it should not slow down. This spring, we are rolling out major platform updates designed to reduce the noise, streamline workflows, and give you strong coverage without compromising on speed or innovation.<\/p>\n\n\n\n

<\/span>1. Inside Astra\u2019s API Security Platform (currently in Beta)<\/strong><\/span><\/h2>\n\n\n\n
\"astra-api-integrations\"<\/figure>\n\n\n\n

Cloud Mirroring API Integrations for AWS and GCP<\/strong><\/h3>\n\n\n\n

The Problem<\/strong><\/p>\n\n\n\n

Security groups often can not see stay API visitors while maintaining current services intact. Monitoring with agents and injecting SDKs create troubles, especially in manufacturing settings and with third-party APIs.<\/p>\n\n\n\n

The Solution<\/strong><\/p>\n\n\n\n

Two exciting new features have come to promote flexibility and ease in handling API traffic: <\/p>\n\n\n\n

    \n
  • Cloud Mirroring for AWS & GCP:<\/strong> You can now mirror http traffic from AWS and GCP atmosphere, thanks to the underlying VPC and packet mirroring features. This allows you to look at network requests and API activity because they occur without changing code or disrupting your services. <\/li>\n\n\n\n
  • Proxy-based Instrumentation: <\/strong>Using our custom MITM proxy setup, you can get API traces from tools like Postman, Burp Suite, or Curl. Each trace you collected followed by opentemetry-comPINT formats. In addition, our domain-based filtering option cuts the extra noise so that you can focus on the traffic that matters the most.<\/li>\n<\/ul>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

    These enhancements give security and QA teams more observation and control over API traffic without adding complexity to the development pipeline. Whether in automatic scan or manual testing workflows, now you can detect requests with accuracy, spot weaknesses rapidly, and ensure better coverage in the atmosphere – cloud or otherwise.<\/p>\n\n\n\n

    Proxy-Based API Instrumentation (Ingress + Sidecar Support)<\/strong><\/h3>\n\n\n\n

    The Problem<\/strong><\/p>\n\n\n\n

    Traffic mirroring isn’t possible in lots of Kubernetes or hybrid cloud environments. This left teams with restricted visibility into east-west traffic or internal offerings not uncovered to the internet.<\/p>\n\n\n\n

    The Solution<\/strong><\/p>\n\n\n\n

    OrbitX now helps proxy-based instrumentation using both ingress and sidecar proxy fashions. This consists of native help for Istio and Envoy, permitting passive traffic capture with no code amendment.<\/p>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

    Security and DevOps teams can now install OrbitX in formerly unsupported environments along with air-gapped setups and reveal internal API traffic with complete control over interception factors.<\/p>\n\n\n\n

    Azure Functions Integration<\/strong> for<\/strong> Live API Traffic Capturing<\/strong><\/h3>\n\n\n\n
    \"astra-azure-functions\"<\/figure>\n\n\n\n

    The Problem<\/strong><\/p>\n\n\n\n

    Serverless architectures, especially the ones built on Azure Functions, often fall outdoor conventional security monitoring workflows. With confined instrumentation alternatives, groups struggled to benefit visibility into how these APIs behave in actual time\u2014leaving gaps in their security posture.<\/p>\n\n\n\n

    The Solution<\/strong><\/p>\n\n\n\n

    OrbitX now offers native integration with Azure Functions, leveraging an OpenTelemetry-based totally SDK to reveal and examine API activity seamlessly. This enables real-time request monitoring and more potent protection insights, all without disrupting your serverless workflows.<\/p>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

    Teams that use Azure Functions can now achieve whole API visibility and threat detection with minimum setup. It\u2019s an effective breakthrough in securing cutting-edge serverless environments without including operational overhead.<\/p>\n\n\n\n

    Kong Gateway Integration<\/strong> for API Security<\/strong><\/h3>\n\n\n\n
    \"astra-kong\"<\/figure>\n\n\n\n

    The Problem<\/strong><\/p>\n\n\n\n

    Companies that occasionally use Kong as an API gateway don’t have enough security visibility. It was challenging to remove persistent blind spots caused by manually synchronizing traffic pathways and API configurations across several environments.<\/p>\n\n\n\n

    The Solution <\/strong><\/p>\n\n\n\n

    OrbitX supports Enterprise and Open Source (OSS) versions and easily connects with Kong Gateway. Using proxy capture or OrbitX plugins to swallow website traffic is simple. Additionally, OrbitX offers comprehensive API discovery through Kong’s Admin API.<\/p>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

    Security teams may now match gateway configurations with discovery and tracking activities. Security procedures run more smoothly and effectively because of Kong’s backend’s automatic continuous API monitoring, which doesn’t require any extra deployment work.<\/p>\n\n\n\n

    <\/span>2. What\u2019s new with OrbitX?<\/strong><\/span><\/h2>\n\n\n\n

    Native Vanta Integration<\/strong><\/h3>\n\n\n\n
    \n
    \"astra-vanta\"<\/figure>\n<\/figure>\n\n\n\n

    The Problem<\/strong><\/p>\n\n\n\n

    During compliance audits (SOC 2, HIPAA, ISO 27001), groups often rush to produce updated pentest effects. Without automation, they had to export reviews, which resulted in delays and inaccuracies manually.<\/p>\n\n\n\n

    The Solution<\/strong><\/p>\n\n\n\n

    OrbitX is now linked with the Vanta Marketplace. Users can send pentest consequences, vulnerability states, and compliance evidence into Vanta without delay, which also helps map issues to compliance controls.<\/p>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

    Now, users can sync their security data with Vanta straight from the Astra dashboard, simplifying compliance processes and lowering the manual labor required to prepare audits.<\/p>\n\n\n\n

    Bulk Actions for Vulnerability Statuses<\/strong><\/h3>\n\n\n\n
    \"astra-bulk-vulnerability-status\"<\/figure>\n\n\n\n

    The Problem<\/strong><\/p>\n\n\n\n

    Managing a large volume of vulnerabilities was time-consuming. Users had to update statuses individually, even when several findings were related to the exact root cause, thus slowing down triage and remediation, especially after extensive scans.<\/p>\n\n\n\n

    The Solution<\/strong><\/p>\n\n\n\n

    The OrbitX interface now allows bulk updates, enabling users to pick out numerous vulnerabilities and modify their statuses in a single flow.<\/p>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

    This dramatically reduces AppSec teams’ triage time, allowing quicker reaction throughout coordinated remediation operations, specifically after big scans or pentests.<\/p>\n\n\n\n

    Scan Rule Exclusion Controls<\/strong><\/h3>\n\n\n\n
    \"astra-scan-rules\"<\/figure>\n\n\n\n

    The Problem<\/strong><\/p>\n\n\n\n

    Previously, users had limited conscience except for specific routes or URLs when scanning API and cloud assets. While web goals allowed this level to adapt, API and cloud processes lack uniformity, resulting in noise results and unnecessary testing.<\/p>\n\n\n\n

    The Solution<\/strong><\/p>\n\n\n\n

    Now you can exclude the special URL directly from the target setting page for both API and cloud assets, as you can do so with the targets setting page. This provides more control and stability in the scan in the atmosphere.<\/p>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

    Security teams can fix the scale of scanning to reduce the noise of API and cloud assets, reduce false positivity, and align with real-world risks. It is a simple but powerful update that provides important accuracy to a broader category of target types.<\/p>\n\n\n\n

    “Test Connectivity” Feature in Scan Setup<\/strong><\/h3>\n\n\n\n

    The Problem<\/strong><\/p>\n\n\n\n

    Connectivity issues like unreachable URLs, community regulations, or misconfigured authentication regularly brought on scans to fail unexpectedly. These issues had been most effectively determined after setup, mainly to frustration and wasted time.<\/p>\n\n\n\n

    The Solution<\/strong><\/p>\n\n\n\n

    We\u2019ve introduced a \u201cTest Connectivity\u201d button inside the goal setup workflow. Before launching an experiment, customers can now affirm whether the target URL is offered from Astra\u2019s infrastructure, giving them a risk of capturing ability problems early.<\/p>\n\n\n\n

    The Impact<\/strong><\/p>\n\n\n\n

    This small but powerful characteristic helps save you failed scans, improves onboarding accuracy, and saves precious time by using allowing users to validate connectivity in advance\u2014proper from the setup display screen.<\/p>\n\n\n\n

    <\/span>Other Key Improvements<\/strong><\/span><\/h2>\n\n\n\n

    Target Navigation Improvements<\/strong><\/p>\n\n\n\n

    Clicking on a subscription now leads you to the related target without delay, eliminating useless navigation steps and accelerating daily sports.<\/p>\n\n\n\n

    Rescan Countdown Timer<\/strong><\/p>\n\n\n\n

    A countdown timer for vulnerability rescans was added to enhance group coordination at some point during remediation and validation.<\/p>\n\n\n\n

    Time-Based Filters for Vulnerabilities<\/strong><\/p>\n\n\n\n

    Users may also clear out vulnerabilities by discovery or reporting date, making examining new and vintage consequences smooth.<\/p>\n\n\n\n

    Improved Mobile App Onboarding Flow<\/strong><\/p>\n\n\n\n

    Mobile app onboarding for Android and iOS has been revamped with step-by-step steerage for real-international tool trying out and instrumentation.<\/p>\n\n\n\n

    Custom Header Management in UI<\/strong><\/p>\n\n\n\n

    Users might also now add or exchange authorization headers at once in the UI, stopping failure scans because of expired or missing tokens.<\/p>\n\n\n\n

    Recurring Pentest Scheduling<\/strong><\/p>\n\n\n\n

    OrbitX now allows teams to schedule recurring quarterly or annual pentests without delay, which improves compliance workflows and finances alignment.<\/p>\n\n\n\n

    <\/span>Looking Ahead<\/span><\/h2>\n\n\n\n

    While this Spring’s updates move us closer to our vision of seamless, continuous security, there’s much more on the way.<\/p>\n\n\n\n

    In the coming months, we are working to improve how teams consume and act on insights, such as more intuitive reporting formats targeted to different personas, deeper lightning scans that uncover threats faster, and a better DAST engine that incrementally learns where to search. We’re also making collaboration easier with planned features like bi-directional JIRA sync and improved compliance visibility included in the dashboard.<\/p>\n\n\n\n

    Our Trust Center experience will also be improved to make security posture sharing easier and more engaging for users. For those looking to start immediately, fully self-service cloud scanning for AWS, GCP, and Azure is just around the corner.<\/p>\n\n\n\n

    As always, we strive for robust and practical security \u2013 something your team can trust, embrace, and scale.<\/p>\n\n\n