Entrance, a Tel Aviv-based startup building a security platform that helps enterprises manage and protect their secrets such as account credentials, certificates and API keys, today announced it has raised a $6 million seed round led by StageOne Ventures and Hyperwise Ventures. A number of angel investors, including Trusteer and Transmit Security founders Rakesh Loonkar and Mickey Boodaei, as well as Imperva founder Amichai Shulman, also participated in this round.
Today’s businesses often have to manage thousands of secrets across an ever-growing number of services – and often they don’t even know how much their employees have made. These secrets are also often spread and secret scanners and similar tools exist to ensure that this information does not leak, these tools know nothing about the context in which these secrets are used. For example, if a secret is revealed in a piece of source code that has already had its privileges removed, it’s not exactly a high priority for recovery.
The company was co-founded by Itzik Alvas (CEO) and Adam Cheriki (CTO), who first met during their time in the Israeli security forces. Alvas previously worked at a healthcare company and then as a senior SRE manager at Microsoft, while Cheriki worked in a number of security roles at major technology companies such as IBM, Javelin Networks, Symantec and Broadcom.
“Secrets were always a big deal for me and (Adam) as well,” Alvas told me. “We have been working on it for a long time and in our previous positions we were responsible for secret security. We saw how secrets were created and handled without proper security oversight – and we decided to do something about it.”
He noted that the team built Entro specifically with CISOs and security teams in mind. The service provides these stakeholders with insight into how their secrets are stored, whether in vaults, collaboration tools, cloud environments, and SaaS platforms. It then analyzes the secrets found, correlates them with workloads, and provides users with a clear dashboard that helps them understand potential issues.
“We talked to over 100 CISOs and heard the same complaints over and over again,” says Alvas. “Companies have no idea how many secrets they keep
the cloud, where they are, who uses them and most importantly how to protect them.”
Typically, companies use a variety of tools to manage and secure their secrets, including scanners such as Gitleaks, vaults from the likes of AWS, Azure, or HashiCorp, and CI/CD secret scanners like Cycode or Aqua’s Argon.
One of Entro’s key differentiators, Alvas noted, is that it’s an end-to-end monitoring solution. This allows the service to understand the context in which secrets are used and help developers and security teams determine the issues to focus on. The company’s service also integrates with a company’s existing vaults, CI/CD systems, tools like Confluence where developers can share credentials, and others. In minutes, Entro can provide businesses with a single pane of glass to identify and recover the secrets that may be at risk.
“Over the past few years, we have witnessed companies being devastated by covert cyberattacks that have been highly damaging. Today, R&D teams are forced to manage a growing number of secrets in their development and tend to spread them across different vaults, repositories, and services, while security teams are having an incredibly difficult time combating this problem. This is where Entro Security comes to the rescue,” said Nofar Schnider, Director of StageOne Ventures.