Entro Helps Enterprises Control Secrets Sprawl

Every organization has secrets. For some smaller organizations, those secrets may be little more than the password to their email service, but for most, the list of secrets is long, and in many cases, not well managed. Worse, many organizations don’t know what secrets they have, where they’re stored or how they’re protected, and in the process almost ensure that they’ll have a security breach. Adding to the complexity of protecting secrets, not everyone knows what security secrets actually are. In this case, these secrets are machine and cloud access keys that protect sensitive data. They may consist of passwords, pass phrases and keys used by applications to access data.

To plug this gap, Entro took a focused approach — a one-stop platform to protect and monitor all secrets, wherever they are sprawled, leaked or stored.

“Our secrets are programmatic access keys,” explained Itzik Alvas, CEO and co-founder of Entro Security. “It’s the only access to every application that is being developed within every organization, such as cloud services, databases or logic accounts. For those applications to authenticate against the cloud service they need a key. Those are the secrets that we are protecting.”

Five Pillars

The Entro Security platform consists of five “pillars” that comprise the overall application. The first pillar is one that will be crucial to many organizations, which is Secret Discovery. The discovery process finds secrets in the enterprise and creates a secrets inventory. The inventory “answers the questions of how many secrets do I have and where are they,” Alvas said. “So, we’re able to discover secrets across different solutions. It can be a vault secret store, code repository, Slack, Wikipedia and others, every place in which secret can be stored or exposed.

The second pillar is Secrets Classification and Enrichment, which is intended to eliminate false positives and prioritize risks. According to Entro, for each discovered secret Entro ensures assigned secret owners and visualizes secret usage and vital actionable information such as when the secret was created, by whom, when it was last rotated (replaced) for regulation, what cloud service it can access, with what permission, who is using the secret and more vital information that security teams need in order to protect the secrets.

The third pillar is Anomaly Detection and Response, which provides continuous monitoring of secrets activity looking for misuse, abuse, secrets abnormal behavior and secrets-targeted attacks, one of the top enterprise attack vectors according to research by IBM and Verizon. Entro finds any abnormal access and safeguards the sensitive information.

The fourth pillar is Misconfiguration. Entro finds misconfigurations and offers recommendations for securing them. For most enterprises this is crucial because misconfigurations are one of the classes of security problems that cause a large share of breaches. One study found that misconfigurations were responsible for 35 percent of all cyber attacks. Common misconfigurations include failure to update security software.

The fifth pillar also finds a significant cause of breaches, which is Least Privilege. Entro removes privileges that are not needed, and if it finds secrets where the privileges are difficult to remove, it will recommend reducing the permissions for such secrets.

“Entro reclaims control over secrets sprawl by security teams. Secrets up until now are handled and created by the R&D teams, which are not responsible to secure them,” Alvas said.

“The number one issue is that security teams must know how many secrets they have, where are they, what they can do, understand the risks that are associated with them and then continuously monitor those secrets for any abnormal behavior or threat” Alvas said.