Cisco’s strategic acquisitions of Astrix and WideField bolster its Non-Human Identity (NHI) security capabilities. (Illustrative AI-generated image).
- Cisco is acquiring Astrix and WideField to enhance its security offerings in non-human identity management.
- These acquisitions aim to protect the increasing number of AI agents, bots, and automated systems that manage business processes.
- Astrix focuses on discovering and managing non-human identities, while WideField specializes in threat detection and response for these identities.
- The move integrates crucial capabilities into Cisco’s security stack, addressing a gap in its previous portfolio.
- This acquisition reflects a broader industry trend where identity is becoming the primary security perimeter in the AI era.
- Enterprises may benefit from simplified security operations, while competitors face increased pressure in the identity security market.
Cisco Acquires Astrix and WideField to Enhance Non-Human Identity Security
Cisco is expanding its security offerings by acquiring two startups, Astrix and WideField, to address the growing need for non-human identity security. This strategic move positions Cisco to better protect the increasing number of automated systems, AI agents, bots, and software programs that manage critical business processes. The acquisitions align with a broader industry trend where identity is becoming the new security perimeter, especially in the age of AI.
These acquisitions aim to bolster Cisco’s ability to secure what is often referred to as the “agentic workforce.” These non-human entities, much like human employees, possess digital identities that require management, access permissions, and monitoring. Historically, these identities have not received the same level of security scrutiny as human users, creating significant vulnerabilities.
Astrix specializes in managing and securing identities for machines, workloads, and other non-human entities. WideField focuses on identity threat detection and response across hybrid environments, encompassing both cloud and on-premises systems. Together, these companies are expected to provide Cisco with a comprehensive suite of tools to gain visibility, govern, and protect all identities within an organization, regardless of whether they are human or machine.
Cisco Buys Astrix and WideField for NHI Security
Announced in early April 2025, the financial terms for both acquisitions were not disclosed. Cisco confirmed that these purchases are integral to its strategy of embedding non-human identity capabilities directly into its existing security portfolio, which includes firewalls, zero-trust solutions, and Secure Access Service Edge (SASE) products.
Astrix, a recent startup, developed a platform designed to discover and manage non-human identities. Its technology identifies API keys, service accounts, and machine certificates within a corporate network, tracking their usage and permissions. WideField, conversely, concentrates on threat detection, monitoring for anomalous behavior associated with these identities, such as a service account accessing unfamiliar sensitive data.
These acquisitions address a critical gap in Cisco’s offerings. While Cisco has robust solutions for network, endpoint, and cloud security, it previously lacked native capabilities for non-human identity security. This gap has become increasingly problematic as companies adopt more AI and automation, leading to the creation of thousands of new machine identities monthly.
Cisco is not alone in prioritizing non-human identity security. Competitors like Microsoft are integrating these features into their Entra ID platform, while CrowdStrike has added similar modules to its Falcon platform. Other vendors, including CyberArk and HashiCorp, also offer solutions in this domain. Cisco’s move, however, signifies its ambition to be a leading identity security vendor, extending beyond its traditional network and endpoint focus.
Why Non-Human Identities Matter Now (AI Agents, APIs, Bots)
A non-human identity refers to any digital identity that does not belong to a person. This includes API keys facilitating software-to-software communication, service accounts for automated database operations, bots for web scraping, and AI agents performing tasks like code generation or customer service.
The proliferation of these identities has been rapid. In many large organizations, non-human identities now significantly outnumber human ones. This trend is accelerating with the increased deployment of AI agents, APIs, and automation, each requiring access to systems and data, and each posing a potential security risk if compromised or misused.
A key challenge is the inadequate management of these identities. Unlike human employees who undergo formal onboarding, access reviews, and security training, machine identities are often provisioned with less oversight. They may possess excessive permissions, remain active indefinitely, and are difficult to monitor due to their non-interactive nature.
This lack of management creates substantial security vulnerabilities. A compromised service account can enable lateral movement within a network, granting access to sensitive data. Exposed API keys can provide unauthorized external access to internal systems. AI agents with overly broad permissions could cause accidental or intentional damage. Incidents involving compromised machine identities have become increasingly common.
The rise of autonomous AI agents intensifies this issue. These agents can perform tasks, make decisions, and take actions at machine speed, necessitating robust identity management and monitoring capabilities that can keep pace.
Cisco’s acquisitions are a direct response to these challenges, aiming to provide organizations with the same level of visibility and control over machine identities as they have over human ones.
How Astrix and WideField Fit Cisco’s Existing Security Stack
Cisco’s security portfolio encompasses solutions like Cisco Secure Firewall, Cisco Duo for multi-factor authentication and zero-trust access, Cisco Secure Endpoint for device protection, and Cisco Secure Access (SASE) for unified network and cloud security.
Previously, Cisco lacked a dedicated tool for non-human identity management, requiring customers to seek third-party solutions or develop their own. This resulted in complexity and visibility gaps, where security teams might have strong oversight of human users but blind spots regarding machine identities.
Astrix addresses the management and governance aspect by discovering non-human identities across cloud, on-premises, and SaaS environments. It assesses identity risk based on permissions and behavior, and helps enforce policies like key rotation and account revocation, offering a centralized view of machine identities.
WideField complements this by providing identity threat detection and response (ITDR). It monitors for suspicious activities across all identities, human or non-human, detecting anomalies like unusual access attempts by service accounts or API key usage from unexpected locations. It can also trigger automated responses, such as blocking access or alerting security teams.
These products are designed to integrate with Cisco’s existing tools. For instance, WideField could trigger a policy in Cisco Duo to block a compromised service account, or Astrix could inform Cisco Secure Firewall about an overly permissive API key to restrict its actions.
This integration is central to Cisco’s strategy, aiming to weave these capabilities into its broader platform for a unified security system covering all identities, devices, and networks.
The Bigger Trend: Platform Vendors Race to Secure the Agentic Workforce
Cisco’s acquisitions reflect a broader industry trend where security platform vendors are rapidly adding non-human identity capabilities. Identity is increasingly viewed as the new security perimeter, particularly with the growing reliance on AI agents and automation in business operations.
Microsoft is enhancing its Entra ID platform with tools for workload identities and service principals. CrowdStrike has introduced an identity module to its Falcon platform for detecting threats involving machine identities. Vendors like CyberArk and HashiCorp have long offered privileged access management solutions that extend to non-human identities.
The surge in machine identities, driven by AI and automation, necessitates robust security measures. The traditional approach of treating machine identities as secondary is no longer viable. Security teams require specialized tools for discovery, management, and monitoring, mirroring practices for human users.
The agentic workforce, comprising sophisticated AI programs that operate autonomously, further complicates security. These agents can perform complex tasks at high speeds, challenging traditional security monitoring methods.
Securing the agentic workforce demands a shift towards automated, real-time monitoring and threat response, capabilities offered by Astrix and WideField. Cisco’s investment underscores the belief that identity will be the primary control plane for security in the AI era.
The control plane, traditionally associated with network security like firewalls, is evolving. In zero-trust models, it’s often an identity provider. Cisco’s strategy suggests that in the AI era, the control plane must encompass both human and non-human identities, making identity the paramount factor in security decisions.
The concept of identity as the new perimeter has been discussed for years, but the rise of AI agents and automation makes it a critical imperative. Organizations must move beyond network boundaries to gain precise visibility into who and what is accessing their systems and enforce policies accordingly.
What This Means for Enterprises and Competitors
For enterprises, Cisco’s acquisitions could streamline security operations by offering integrated non-human identity management and threat detection within its existing stack, potentially reducing complexity and costs.
However, integrating two startups into a large company’s portfolio can present challenges. Customers will await details on availability, pricing, and compatibility with non-Cisco security tools.
For competitors, Cisco’s move signals a serious commitment to identity security, potentially positioning it as a stronger rival to identity-focused vendors like Microsoft and CrowdStrike. While Microsoft’s Entra ID is a leader in human identity management, its non-human capabilities may not match the depth provided by Astrix and WideField. CrowdStrike’s identity module is robust but part of a platform known primarily for endpoint security.
Companies already utilizing specialized solutions from CyberArk or HashiCorp may not immediately switch. However, tight integration into Cisco’s platform could appeal to existing Cisco security customers.
The acquisitions also indicate a broader industry trend toward consolidation, where identity security capabilities are being integrated into larger platforms. This offers customers easier management and potentially more effective solutions compared to fragmented point products.
Consolidation, however, can limit customer choice and increase reliance on a single vendor, potentially amplifying the impact of any security weaknesses.
What’s Next: Integration and Roadmap (What We Don’t Know Yet)
Cisco has yet to provide specific details regarding the integration roadmap and customer availability of the combined capabilities from Astrix and WideField. Further announcements are expected regarding how these new non-human identity security features will be incorporated into Cisco’s existing product lines and pricing models.
Frequently Asked Questions
What are non-human identities?
Non-human identities are digital identities not belonging to people. This includes API keys, service accounts for automated tasks, bots, and AI agents. They are essential for software communication and automated processes but require robust security management.
Why is Cisco buying Astrix and WideField?
Cisco is acquiring Astrix and WideField to gain specialized capabilities in managing and securing non-human identities. This move aims to fill a gap in Cisco's security portfolio and address the growing risks associated with automated systems and AI agents.
How do Astrix and WideField work together?
Astrix focuses on discovering and governing non-human identities, providing visibility and control. WideField specializes in detecting threats and responding to suspicious activities involving these identities. Together, they offer a comprehensive solution for non-human identity security.
What is the 'agentic workforce'?
The 'agentic workforce' refers to the collective of automated systems, AI agents, bots, and software programs that perform business processes. These entities have digital identities that need to be secured, managed, and monitored like human users.
Why is identity considered the new security perimeter?
As organizations increasingly rely on digital interactions and cloud services, traditional network boundaries are less effective. Identity-whether human or machine-becomes the critical factor in determining access and enforcing security policies, making it the new perimeter.
What are the security risks of unmanaged non-human identities?
Unmanaged non-human identities can lead to significant security risks, including unauthorized access to sensitive data, lateral movement within networks by attackers, and potential damage from compromised AI agents or service accounts. They often have excessive permissions and are difficult to monitor.
How does this acquisition affect Cisco's competitors?
The acquisitions signal Cisco's strong intent to compete in the identity security market, potentially challenging established players like Microsoft and CrowdStrike. It pushes competitors to strengthen their own non-human identity security offerings.
