Non-human ID Lifecycle

12670028882?profile=RESIZE_192XNon-human Identity (NHI) lifecycle firm Entro Security (https://entro.security) has raised $18 million in a Series A funding round led by Dell Technologies Capital and including angel investors. The funds will be used to scale the firm’s global operations, including increasing its headcount from 35 to around 80 by the end of 2024.

Entro’s platform is designed to bring order to the increasingly chaotic management of non-human identities.  Identity management has always been problematic, but the growth of digital transformation and expansion of cloud infrastructures has led to a massive and increasing use of non-human, machine identities.  Entro suggests approximately 45 non-human identities exist for every human identity in use, scattered across multiple vaults and secret stores.

Managing the lifecycle of these identities is hard.  “Both IBM and Verizon reports ranked NHI and secrets breaches as the second most frequent attack and the costliest one,” comments Itzik Alvas, CEO and co-founder of Entro Security.  There are thousands of unmanaged NHIs in each organization, with more permissions than needed, resulting in widespread vulnerabilities, says the firm.[1]

The recent compromise of Dropbox Sign discovered on 24 April 2024 and announced01  May 2024, is an example of an NHI breach.  “The actor compromised a service account that was part of Sign’s back end, which is a type of non-human account used to execute applications and run automated services,” announced Dropbox.

The Entro platform automates governance for secrets and NHI management: recognizing them at creation, vaulting and rotating them automatically, and decommissioning idle or stale identities.

It provides detection and response in real-time on-premise, in the cloud, and across SaaS applications.  It gives visibility at creation, storage, and exposure locations, enriching that visibility with business context.  It identifies risks for remediation and can detect and respond to abnormal behavior.  It also helps to ensure compliance with regulations such as SOC2 and GDPR.

Entro Security emerged from stealth with $6 million in seed funding in May 2023.  It was founded by Adam Cheriki (CTO) and Itzik Alvas (CEO), alumni of Israel’s IDF cyber units.  The firm is headquartered in Boston, Mass. With this Series A round, it has now raised $24 million.

 

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  Our services can help detect cyber threats and vulnerabilities.     For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225 or feedback@redskyalliance.com    

Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5378972949933166424

 

[1] https://www.securityweek.com/non-human-identity-lifecycle-firm-entro-security-raises-18-million/

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!