Entro, an Israeli cybersecurity startup offering secrets security and management, recently announced $6 million in seed funding led by StageOne Ventures and Hyperwise Ventures. Founded by CEO Itzik Alvas and CTO Adam Cheriki to address secret-based breaches, Entro continuously monitors and protects secrets and programmatic access to cloud services and data. Angel investors include Rakesh Loonkar, founder of Trusteer and Transmit Security, Mickey Boodaei, founder of Imperva, Trusteer and Transmit Security, and Amichai Shulman, founder of Imperva and AirEye.
According to the Verizon 2022 Data Breach Investigations Report, secret-based breaches are among the top three attack vectors today and the most destructive breach type to an organization. Secrets security refers to the practice of protecting machine and cloud access keys and credentials from unauthorized access, disclosure or use. Secrets are often programmatic access keys (such as API keys, access tokens and connection strings) used by applications to access sensitive data and cloud services. With cloud services on the rise, even more secrets are being created by R&D teams. Today there is a minimum of 500 secrets per organization scattered across at least five different secret stores. Adding to the risk, the DevOps teams creating the secrets are not responsible for securing them.
Currently, companies rely on vaults for storage and on secret scanners that search for leaked and exposed secrets. These solutions do not provide context about stored secrets, do not monitor or provide details about cloud tokens, and do not offer insights into usage, abnormal behavior or any correlated risk per secret.
“In recent years, we have witnessed how companies were devastated by secret-based cyberattacks that were highly damaging. Today, R&D teams are forced to manage a growing number of secrets in their development and tend to spread them across different vaults, repositories and services, while security teams are having an incredibly hard time combatting this problem. This is where Entro Security comes to the rescue,” said Nofar Schnider, principal at StageOne Ventures. “With their unique solution and skilled team, they are able to help security teams regain control while providing unparalleled suggestions and insights into the current state of the organization’s secrets management.”
“Entro came to our attention because they are the first to holistically address a high-demand security problem that is growing exponentially,” said Ben Omelchenko, Hyperwise managing partner. “As organizations increase the interconnectivity between their cloud services, they proliferate more and more secrets across the IT landscape, significantly increasing vulnerability to attacks.”
How the Entro platform works
A game changer in the secrets management and protection vertical, Entro is the first and only holistic secrets security platform that detects, safeguards and provides context for secrets stored across vaults, source code, collaboration tools, cloud environments and SaaS platforms. Entro was designed specifically for CISOs and security teams, providing them with full oversight and the ability to govern any secret from a single pane of glass, integrating into all places in which secrets can be found including BYOV (bring your own vault).
In addition to safeguarding cloud services and data from secret-based breaches, Entro helps organizations meet regulations like SOC 2 that require secrets protection such as rotation, which the platform easily enables. Entro acts as a non-inline layer. With this frictionless and agentless approach, organizations can integrate and get full secrets protection in minutes without any R&D team onboarding. It seamlessly integrates with R&D teams’ workflows and empowers organizations to use their preferred tools, without sacrificing security or development time and effort.
“As a cloud-first security company, the number of secrets, API keys and connection strings we have can become overwhelming,” said Avishai Avivi, CISO of SafeBreach. “As we were coming up on our key rotation period, I realized we needed help identifying the ones throughout our different environments and repositories.”
“Between AWS, Atlassian and Slack, Entro discovered all our known secrets and keys plus some I was not aware of, including a secret shared in a screenshot. Using Entro helped my team gain total visibility into all the secrets across our different AWS accounts, code repositories and collaboration tools. Now that we have that visibility, we can easily manage them. The Entro workflow and UI are intuitive and allow us to identify and manage new secret-related risks through remediation.”
Entro provides deep secrets analysis and metadata enrichment, and identifies abnormal or malicious secrets activity. In real time, teams can track the activity of any and all secrets, including enhanced secrets lineage correlation, and gain in-depth visibility into owner, enablement status, permission or cloud services privileges, the correlated service and risk level.
“We spoke with more than a hundred CISOs and heard the same complaints over and over,” said Itzik Alvas, CEO and co-founder. “Companies have no idea how many secrets they hold in the cloud, where they are, who is using them, and most importantly, how to protect them.”
“The Entro platform provides a one-stop shop to protect and monitor all secrets, wherever they are sprawled, leaked or stored,” said Adam Cheriki, CTO and co-founder, adding that both founders experienced secret-based attacks in their past roles from the elite intelligence units at the IDF through Microsoft, Broadcom and other firms.