February 21, 2024

within, a Tel Aviv-based startup building a security platform that helps businesses manage and protect their secrets such as account credentials, certificates, and API keys, announced today that it has raised $600 in a round led by StageOne Ventures and Hyperwise Ventures. $10,000 seed round of financing. Angel investors including Trusteer and Transmit Security founders Rakesh Loonkar and Mickey Boodaei, as well as Imperva founder Amichai Shulman also participated in the round.

Today’s enterprises often have to manage thousands of secrets across an ever-increasing number of services, and often they don’t even know how many secrets their employees are creating. These secrets are also often scattered, and secret scanners and similar tools exist to ensure that this information does not leak, and these tools know nothing about the context in which these secrets are used. For example, if a secret is exposed in a piece of source code, and its permissions have been removed, then this is not a high priority to fix.

The company was co-founded by Izzic Alvas (CEO) and adam cheriki (CTO), they first met during their time in the Israeli security forces. Alvas previously worked at a healthcare company and then at Microsoft as a senior SRE manager, while Cheriki held various security positions at large technology companies including IBM, Javelin Networks, Symantec, and Broadcom.

“Secrets have always been a big issue for me and (Adam),” Alvas told me. “We dealt with it for a long time, and in our previous position, we were responsible for secret security. We saw how secrets could be created and handled without any proper security oversight — and we decided to do something about it.”

Image credits: entrance security

He notes that the team built Entro with CISOs and security teams in mind. The service gives these stakeholders insight into how their secrets are stored, whether in vaults, collaboration tools, cloud environments, and SaaS platforms. It then analyzes the secrets it discovers, correlates them to workloads, and provides users with an intuitive dashboard that helps them understand any potential issues.

“We talked to over a hundred CISOs and heard the same complaints over and over again,” Alvas said. “Companies don’t know how many secrets they hold
Clouds, where are they, who is using them, and most importantly, how to secure them. “

Typically, companies use a variety of tools to manage and protect their secrets, including scanners like Gitleaks, vaults from companies like AWS, Azure, or HashiCorp, and secret scanners for CI/CD like Cycode or Aqua’s Argon.

Image credits: within

One of Entro’s key differentiators, Alvas noted, is that it’s an end-to-end monitoring solution. As a result, the service understands the context in which secrets are used and is able to help developers and security teams prioritize where they should be concerned. The company’s service also integrates with a company’s existing vault, CI/CD system, Confluence, and other tools, where developers can share credentials and other tools. In minutes, Entro provides enterprises with a single pane of glass to identify and remediate potentially risky secrets.

“In recent years, we have witnessed how companies have been wiped out by highly damaging secret-based cyber-attacks. Today, R&D teams are forced to manage more and more secrets in their development processes and tend to spread them across Different vaults, repositories and services, and security teams struggle to figure this out. That’s where Entro Security can help,” said Nofar Schnider, principal at StageOne Ventures.