Non-Human Identities (NHIs) are the second most common, and the costliest, attack vector for businesses, yet they remain a blind spot for many organizations.
2025 is the time to reclaim control. This webinar breaks down why NHIs become a blind spot and what security leaders can do next.
- Why and how Non-Human Identities become a blind spot in an organization’s cybersecurity strategy
- How Entro Security approaches the NHI problem, informed by its founders’ repeated breach experience and by gaps in the market
- A practical course of action to reclaim control of NHIs without disrupting business or developer processes
Transcription
00:00:05
Hi everyone, welcome. Good afternoon, good evening, good morning, depending on where you are. So pleased for everyone to be joining us today as we talk about non-human identities and whether or not they’re the blind spot for 2025. For those who don’t know me, I’m Dorene Reedus. I am one of the co-founders here at Cyber Security Tribe. Before we really get into things, and before I introduce my esteemed panel, just a few things around housekeeping here. So on the bottom right of your screen you will see
00:00:34
two options to ask questions to the speakers and one another. The chat function is an open function that permits everybody who’s viewing this and in attendance to see and respond, and so a lot of times during these there’s dialogue going on when a speaker says something. The questions widget will direct those questions just to us, Paul, Olivia and myself, and those all get fielded at the end. And lastly there is a handout widget, and there is a report in there that’s been provided by our partner for today, and
00:01:08
that’s Entro Security, and you can download that at any point during today’s discussion. Lastly, today’s discussion is recorded and you will get a copy of the recording in your inbox later on today. So with that, I’d like to introduce first Olivia Phillips. Olivia is the BISO at Amtrak. She’s a dynamic executive leader with over 20 years of expertise in technology, cyber security, intelligence and criminal investigations. She’s an AI trailblazer; she’s driven award-winning cyber security strategies
00:01:41
and transformative advancements across both public and private sectors. She’s renowned for her visionary leadership and technical mastery. Olivia continues to shape the future of cyber security through innovation and strategic excellence, and by joining us in things like this. So thank you, Olivia, welcome. Thank you. Paul Carpenito is the CISO at ION Trading. A little bit about ION: they are a global market leader in providing innovative, high-performance, real-time solutions across multiple asset classes
00:02:13
for electronic trading, position management, pricing, risk management and downstream processing. Paul has 23 years of technology experience, with 20 years of that spent in information technology security across a multitude of industries. He’s the former head of information security with Lowe’s Corporation. He has a master’s of science from NYU Law, and he’s also one of Cyber Security Tribe’s advisory board members. So thank you, Paul; he provides content frequently for us, and he’s a US InfraGard active member, so
00:02:47
welcome, Paul. Thank you. And Itzik Alvas, I thank you so much for joining us today. He is the co-founder of Entro. He started his cyber security journey 20 years ago with the elite IDF cyber unit. After spending five years there, he transitioned to industry roles including cyber security manager, CISO for a major healthcare organization, and head of internal security and SRE at Microsoft. After being breached three times, he founded Entro to protect other organizations from those cyber breaches. Thank you so much to all of you for
00:03:25
joining us today. Thanks for having us. Yep, appreciate it. Thank you. So we’re going to dive right in. Non-human identities, they’ve been around, right? But in the last year we’ve seen a lot of press around them, a lot more discussions, I think because of breaches that have been newsworthy. And when I talk to CISOs, what’s surprising to me is how many still say they’re prioritizing their human identities over securing those non-human identities, when we know that on average organizations have
00:04:01
92 times more non-human identities than human identities. Think about that, the massive amount of risk that’s created there. Additionally, in IBM’s Cost of a Data Breach Report for 2024 they shared that breaches involving stolen or compromised credentials took the longest to identify and contain of any attack vector, at almost 300 days. So that’s significant. So today during this conversation we’re going to obviously talk about the concerns and the risk with non-human identities, but also, and
00:04:36
the important part here is the action that can be taken to help you secure them. So Olivia, if you’re okay with it, well, even if you’re not, I’m starting with you. So what I’d love to hear from you is a little bit about what the greatest frictions are in identifying and monitoring non-human identities in organizations. Okay, so let me start off with: I’ll be talking from the industry standpoint, not from my employer’s standpoint. And going from that, it’s lack of visibility and inventory
00:05:12
management. Organizations often struggle with identifying all non-human identities: service accounts, APIs, IoT devices and the cloud. And due to poor documentation, sprawl across the hybrid of multiple clouds has caused a lot of mismanagement and gaps with accounts and inventory. The other one is weak authentication and access controls. I know that it’s a big thing. Many, sorry, I can’t talk, many non-human identities still rely on credentials, hard-coded
00:05:52
secrets or shared accounts. Unlike human identities, non-human identities often lack robust authentication, monitoring and behavioral analytics. Inconsistent governance and ownership, that is a big one. Compliance and least privilege are a big challenge for any organization, and securing machine-to-machine communication. Yeah. And Paul, do you see the same thing, or are there other concerns for you within your organization, or just in general, I should say? I agree with
00:06:33
Olivia’s sentiments, and I’ll say that the industry by and large suffers from the fact that we’ve gotten pretty good at identifying behavior from, let’s say, human accounts, right? We could track things like impossible travel, anomalies, things that look out of the ordinary. But when it comes to machine identities or non-human identities... but let’s bring it up just one level, let’s make sure we’re talking about the same thing. So when we talk
00:07:00
about non-human identities, we’re talking about things like secrets management, secrets, we’re talking about service accounts, we’re talking about OAuth tokens, API tokens. But it’s really hard to track or identify anomalous behavior when we’re talking about non-human identity, right? Because they run 24/7. Not only that, they usually have a very high exposure to sensitive data because they’re operating 24/7; they’re usually involved in a process or moving data, backups for instance. So it’s really hard to
00:07:34
track anomalies and what looks out of the ordinary. And as security professionals we do try to apply the same rules that we do across the board, things like principles of zero trust, least privilege, but they’re all disparate, all fragmented approaches to trying to solve this complicated problem. I’ll also say that there are significant attacks, and threat actors know this, right? So they know how to attack non-human identities. OAuth phishing is on the rise, with OAuth
00:08:08
tokens, right? Third-party engagement, sending users requests to install apps. And by the way, a lot of these accounts are over-privileged because no one knows how to privilege them. Operations will typically privilege an account and they tend to be over-privileged. And then you have the audit side: how do you track and monitor? Extremely low visibility. Yeah, and a lot of these are not being monitored, right, and you don’t know where they are. So the
00:08:38
blind spot component to it is so critical. So Itzik, if you could chime in here as well with what you’re hearing, obviously from customers, but also, we talk about them being a blind spot, we’re hearing that it can be 300 days before these are detected. Can you shed some light on that? Yeah, I think what you said earlier about, for every human identity there are 92 non-human identities within an average organization. Even the sheer size of them, it’s insane, right? How can
00:09:12
you identify all of them? Now, those non-human identities, those service accounts, API keys, connection strings, they are being created usually by developers, DevOps, SREs, without any proper security oversight or protocols, and they are scattering them around, right? They need to create them so the application can use them in order to authenticate against some sort of resource the application needs, like maybe a database. So they’re creating them and they are storing them somewhere. So yeah, even to identify
00:09:46
all of them, that’s a huge, huge issue. And then, because those are being scattered around by the development teams, sometimes they are being stored in a public place that can be reached from outside the organization. And if that’s the case, going back to what you said about the biggest or most important survey, IBM’s Cost of a Data Breach, they are saying it will take on average more than 300 days to identify such a breach. By the way, we’ve done our own research
00:10:26
where we exposed a bunch of non-human identities; usually those will be breached or used by an attacker within a few minutes. So yeah, it’s not a simple problem, and definitely you will need to understand where all of them are. Can I, I’m sorry, can I just interject for a moment? So the other side of that is there are issues with changing or rotating keys, right? Nobody rotates keys; they’re afraid, because the account is running a service, to rotate a key,
00:11:03
so the keys persist. The other side is offboarding, right? When an application or service is decommissioned, is it properly being offboarded? Likely not. So it’s sitting out there. These are all significant exposures for organizations, right? But let me ask you that, Paul: why do you think no one is rotating them or decommissioning them? What do you think is the root cause of that? You break something, right? There’s an application, exactly, there’s an
00:11:34
application that is using the token to access and authenticate against the database, and if you rotate it or decommission it, maybe the application fails. But why are we afraid? Because we’re lacking the context, we’re lacking the visibility, we don’t know which applications are using them. And you don’t know who owns it. Correct, or who’s managing it, exactly, who’s the human owner. Even if I know which application is using it, who has permissions to do that? So yes, getting an
00:12:03
inventory in place and getting the right enrichment and context and classification around them, how they are being used, what’s the data flow, that will probably solve, and it is solving, like we’re seeing it in our customer base, that’s solving the rotation and the decommission problem. And we’ve seen that happen. I’m kind of going to go off script for a minute, and Paul, I know I have a question for you, but Olivia, in a conversation we had not too long ago we
00:12:30
were talking about the fear of breaking something, if you will, or disrupting things, because you really don’t know which of those non-human identities are being used and in which way, and if you do something, is it going to disrupt everything? And we’ve seen organizations make some errors there as well. Is that something that concerns you overall for the industry? Again, I keep saying that because we know we don’t want to focus on your current organization. Yeah, from an industry standpoint,
00:12:59
yes, that kind of keeps you up at night, because you want to do your due diligence in making sure accounts, or accounts that you know of, are being changed and they are being secured, meeting the 30-character passwords or whatever your policy states, depending on if you’re following NIST or another industry standard. But that doesn’t happen all the time, and then sometimes there are accounts where you don’t know, and then all of a sudden, when you’re doing scans, you find
00:13:27
these and you’re like, oh, there’s a four-character password for a system, why do we have this, and why can’t we change it, and what will it take to change it? And then it becomes a cost thing: how much is it going to cost to change this? Because you’ve got to see where it’s hard-coded, where it’s connected, how it’s going to affect it, and can I bring the system offline to change it? And sometimes you can’t do that, so you have to find other avenues and other
00:13:57
workarounds. Paul, I want to get into compliance challenges specific to non-human identity. Can you share your views on those compliance challenges? Sure. I mean, by and large the industry just does not know how to audit against non-human identities, right? And it’s very common for third-party auditors to look at, let’s say, a sample of your service accounts, and that’s only a very small representation of all the accounts. And again, to Olivia’s point, how do you tie that
00:14:30
back to an owner? So they’re never tied back to an owner. OAuth keys, things like that, are never tied back to an application owner or a group, things like that. So it becomes very tricky to try to audit. And by the way, getting back to organizations that have a significant risk factor: Snowflake organizations, right, that rely on that service technology to run their business, that are mostly service account driven, they have a huge problem, tremendous exposure.
00:15:00
So it’s a real big problem for the industry. Yeah, I agree. There’s some good data: there’s a report that CISA published, real good and scary statistics by CISA, and it shows percentages of, I guess, executives who were queried over time about their thoughts about NHIs. Real good resource there. There’s a good question that was dropped in the chat that I’d like to open up to the three of you. Edward posted: aren’t all non-human identities really connected to a human,
00:15:37
right? At the end of the day, doesn’t it come back to accountability? What are your views on that? Sure. So what if, okay, assuming that it does, or it did, or we do have a spreadsheet somewhere, and that’s where it would exist, right, a living spreadsheet: who updates it? The other thing is, what happens when that person leaves your organization and data gets stale? So maybe you can do that with service accounts; you can’t do that with API keys, you can’t do that with things
00:16:05
like OAuth tokens. Correct. Well, it should be like that: every entity, everything should be attached to a human owner. But at the end of the day, again, developers are creating them, not saying a word to anybody about that. Everyone knows what happens with spreadsheets when you have to update a common spreadsheet; everyone knows what happens. Exactly. It’s just super difficult to attach a non-human identity to a
00:16:41
human owner, and exactly, what happens when he leaves? Probably his manager is responsible for that. Who’s making that connection? And with 92 per human, it’s hard to manage all that. It starts somewhere, but then where does it go? As you guys have said, somebody leaves, ownership changes, it could be a promotion and someone’s no longer responsible. There are a variety of reasons that could impact that. I’m curious, and I’m going to ask Olivia and Paul this, because I mentioned
00:17:13
that in recent discussions with CISOs they have stated that they’re still prioritizing the human identities over the non-human identities, and so when they’re looking at budgets and investment it’s always going to human identities first. Knowing what we know, why is that? I’m truly curious why non-human identities have not been a significant focus for organizations to date, and I don’t know if that comes down to a board understanding it or some other reason, but I’m curious if you guys
00:17:45
have any insights or why you think that may have been in the past, because I do think we’ll see a shift. Sorry, I could, fine, but just to close up the last question: so if you list your service accounts, APIs, if you list all of your tokens in one spot, you aggregate all that data, guess what you’ve done? You’ve provided a perfect list for threat actors to leverage and go hunt down high-value, high-target, high-privileged accounts in your organization,
00:18:15
and these are high-privileged accounts. These aren’t accounts that have low privileges; they’re designed to run a service, connect to a third party. But Dorene, getting to your question, it’s very hard to describe what a non-human identity is in context to leadership, right, and get that budget. So you’re at a board meeting; very hard to describe what a non-human identity is and why it’s a concern. So often, as I said in the beginning of the
00:18:48
discussion, we have disparate or fragmented tools to address some of the areas for non-human identities, but not holistically. So what that lends itself to is budgets getting offset to focus on one area because it provides a little bit of coverage, right? So there are tools for, let’s say, secrets management; it doesn’t cover everything. Privileged access management doesn’t truly address the problem that we’re discussing here, but it’s easier to put that in context in front
00:19:19
of a board than it is something like non-human identity. Sorry, Olivia, you were saying? Oh no, I think it goes back to communication and the overall risk to the organization, and presenting that picture, doing, I guess I like to do the storytelling of explaining, hey, this is the risk, this is the potential cost of this risk if we get compromised, and having them understand it. But as you know, things are always changing. It’s non-human identity right now; it could be
00:19:51
something with AI, or it could be another threat within the organization, and I know it’s always evolving. Yeah, and I know you know more than anyone, because you’re an AI visionary, but AI attacking non-human identities is probably one of the larger issues right now as well. Two things. So first of all, just as a side note, we had a report released this morning, it’s our State of the Industry report, and we asked CISOs and practitioners if they felt like a separate solution
00:20:26
was needed for non-human identities, and there’s a lot of information in that report, but every single one of them said yes. So that’s why I think that we’re going to start to see things shift over time. We did have someone ask a question that’s not in the chat, so I won’t name them, but it’s a great question, and she says: why does it take, I won’t say the word because we’re recorded, blank hitting the fan before changes occur? What are some of your recommendations to bridge making
00:20:58
these types of changes? And so the reason I’m addressing this now is we’re obviously going to get into what some of the actionable items are, but I think when we talk about Paul saying, like, reporting to the board, and it’s harder for them to really understand what non-human identities are, how do you bridge that discussion? Do any of you... Yeah, I think it’s pretty easy nowadays. Like, when I was a CISO, and that wasn’t too long ago, what I usually did is look at, like,
00:21:30
IBM Cost of a Data Breach, Verizon reports, the leading reports in the industry, Gartner and so forth, and looked at the biggest attacks out there or the most devastating attacks. It can be in terms of recurring attacks, or it can be costly attacks, or whatever you guys choose to do. Take the top three, top four, depending on my budget, and see what I have covered. So if phishing is the first one, do I have coverage for that? The second one, it’s
00:22:05
actually non-human identity; do I have coverage for that? Going to your last question, I think that companies are prioritizing, or used to prioritize, human identities before non-human identities because only recently, like two, three years ago, great solutions to protect non-human identities started to pop up in the market. There wasn’t really a good solution that can give you an inventory, classification, monitoring over them and so forth. So I just think it wasn’t really easy to do, so the
00:22:41
why didn’t make any sense. But now we see an amazing trend and people are starting to prioritize non-human identities over human identities, and again, it’s being listed as the second most frequent attack vector out there. And that’s how I used to prioritize stuff; I used to communicate that to my board. Yeah. I’m going to jump to some more questions that are being posted here. I feel confident answering one, but I’m not the expert you guys are. So
00:23:14
Edward again said: in a perfect world, would this become a role where a team could monitor and keep this updated and clean, a role for maintaining these identities? So my thoughts, and obviously I want to look to you guys, I’ll start with you, Olivia, is that the manual process of doing that still leaves significant room for error; it’s time-consuming and costly, whereby automating it, and obviously that’s where we can talk about Entro, would be the solution. But am I right, Olivia? Well, I think in a perfect world
00:23:45
it’s having the perfect tool, having the perfect people behind the tool, and having the right people in place to monitor the tool and communicate what’s going on. I mean, that’s a perfect world for me: everybody is aware of the situation, everybody knows what’s going on, and there’s a process of doing it. That’s a perfect world for me. Okay, makes sense. Paul, anything different on that, or would you agree with Olivia’s thoughts? I agree. I think there are whole teams that should be
00:24:18
dedicated towards identity management. So to answer the question directly, sure, there should be a role to maintain those identities. I think there are already roles to maintain them. It can be application security, it can be IAM, depends on the organization, but I think there are already people that are responsible for that. Whether they are doing great jobs or not probably depends on the tool, as Olivia said, but people are already responsible for that. I’m going to field one more thing in
00:24:51
the chat and then we’re going to get into those action items. Keep asking your questions in the chat. I also know we have quite a few questions that came in separately; we will address them as well. But first, a question from Donnie, and then I want to proceed with action items. So how does the concept of non-human workers, such as AI agents or multi-agent systems, impact this problem, and what unique considerations does this create? Itzik, can you take that? Yeah, for sure. There are a lot of
00:25:21
non-human entities out there, a lot of types, but at the end of the day all of them are programmatic credentials that applications are using in order to access and authenticate against resources that application needs. And the application can be your internal finance application, or it can be an AI application and so forth, and all of them need to use some sort of resources, like databases or storage accounts. When it comes to AI it’s a bit more complex, because those programmatic access
00:25:50
keys, those non-human identities, usually they have high permissions; they can access that database, they can probably update it or delete it and do stuff like that. So AI is also able in some scenarios to create new non-human identities, which contributes to the sprawl for sure. And in other cases, sorry, in other cases you can manipulate AI to do stuff for you where you don’t have the permissions to do that, but the AI does. So the problem is twofold: it can either create more, or you can manipulate it to do stuff for you
00:26:30
where you don’t have the permissions to do so. You can solve them with monitoring, which is again not easy to do, but that’s like any NHIDR, non-human identity detection and response; that’s the way to go about it. Okay. And on that point, some of the questions that are coming in through the question widget we’re going to address right here in this question that I have for you, which is obviously the most important component to the discussion: it’s going to be that action
00:27:01
plan. Folks are joining in because they know there’s an issue, they know that needs to be looked at. So how does a cyber security leader regain control of the non-human identities? One concern that we’ve heard, and we heard a little bit about this early on, is the potential for business disruption. So can you share, Itzik, how some of Entro’s customers have handled this? Yeah, for sure. Again, going back to the problem: developers are the ones who are creating them, permissioning them, using them and scattering them around;
00:27:35
they are not really doing any security controls over them. And from a CISO or security professional standpoint, what they need to do is to understand, get an inventory in place, right, understand how many I have and where they are. That’s step number one. And then you need to enrich them. Usually those non-human identities are long random strings, and that means that even if you find one, what do you know about it, right? You don’t know: is there a human owner, permissions, even if it’s enabled or
00:28:06
already expired. So you will need to enrich them. And once you have an inventory and you’ve enriched everything, you know what they’re being used for and how they are being used, then you can start doing security alerting or misconfiguration detection around them. Then you can start to understand how many of them are publicly exposed, how many of them have higher permissions than they need, how many of them have not been rotated in time. So do posture management over them, and then you should start monitoring them for any
00:28:37
abnormal behaviors, basically create some sort of baseline for each one of them to understand how they are being used, and then any deviation from that usage pattern should be considered as abnormal behavior and maybe a potential breach. So I’ll give an example: let’s say that you have a workload from the US that is using the token to access MongoDB, and now you’re seeing a connection out of China. That’s abnormal behavior; that’s something you should probably prevent, and you can do
00:29:09
that with the NHIDR, the non-human identity detection and response. And then after you have that active monitoring in place and have the posture management in place, then you can start doing some automation for remediation, like rotation, like moving them into a secured location such as a vault, like removing idle and stale tokens that Paul talked about, and so forth. So you hit on something I just wanted to drive home: you mentioned the word exposure, and so these accounts, one of the problems
00:29:47
is we don’t do a great job as an industry to identify what accounts have the most significant exposure, meaning what kind of data are they handling, are they internet-facing, do they interact with a third party who we’re not really that comfortable with, has the third party gone through our TPRM assessment? So identifying the exposure is something that as security professionals we really don’t do with service accounts. We may understand the business impact, right? So a service
00:30:22
account, let’s say, fails to run; we know the business process that breaks, but we don’t consider the exposure that’s attached. Correct, correct. That’s again not easy to do, but if you have the inventory and if you have the enrichment, basically the enrichment stage, it’s a lineage map, so you know what devices, what workloads, what applications are using which non-human identity to access what resources, and if those devices or workloads are third-party apps, that’s
00:30:53
fine, we’re going to show you that as well. But once you have the inventory in place and have the enrichment, you know all about that, and then again you can use that inventory, you can use that enrichment in order to conduct security posture. And your learning should align to that, right, align to the correct accounts that have the highest exposure. Correct, yeah. Like exposure, by the way, when I said earlier it’s the second most frequent attack vector, the root cause of
00:31:23
that is exposed tokens, like developers that are sending them over Teams and Slack and within Confluence pages and committed into code and everywhere, right, everywhere. So the root cause of that breach is basically exposure by developers. Yeah. Olivia, we had a question show up here and I’m wondering if you’re comfortable answering, your views on it, which is, and this is from Crystal, when a non-human identity is an app, right, for example, where would the accountability fall? So when working
00:31:59
with a vendor, they work with their engineers to get the app functioning in your environment; once it’s working, then they’re hands off. So who’s accountable? Is it the vendor, is it the engineer, your developer who is now perhaps managing the app? What are your thoughts around that? I think it depends on the contract you have with a vendor. I know in several industries they have, for example, they have set up, like, hey, if we run into account issues or if we run into a
00:32:34
database issue or we need troubleshooting, the vendor has to provide support. But then it comes to the account: who actually truly understands the account? If the vendor is maintaining or having access to their software, then it’s their responsibility. If it’s basically handed to you, saying, hey, here’s your application, here’s everything, here’s your account, now this is on you, then it’s on the application owner to manage and know how that non-human identity is
00:33:07
working and how it’s connecting. Did I answer all that? Yeah, that makes complete sense. So I’ll be devil’s advocate, and I see Crystal asked a question in the chat, and I’ll say that, how do you identify excessive permissions, right? How do you know what accounts have permission? Let’s say you are able to identify excessive permissions: who’s going to be the one to turn the knob and turn that
00:33:41
down, or rein that in, for the risk of breaking something? Again, we’re going back to the rotation, like why aren’t we doing that? Because we lack visibility; that’s why we’re not doing that. You’re afraid that if you’re going to right-size a permission from admin to write or to read, something will break. But I’ll let you know how we’re doing that, and now we’re giving the confidence you need in order to do that.
00:34:12
Basically what we’re doing, we’re enriching the permission. So we know there’s a service account, an API key, and we know their permission, let’s say it’s admin, okay. But then we’re taking their activity and we’re saying that that application is using the non-human identity with admin permission only for read operations against the database, and we saw it for maybe six months or a year. All the application is doing is reading, but it hasn’t been using the admin permission. I think you should have the
00:34:42
confidence you need in order to push the button and right-size those permissions. You can define it, you can say, I want it to be, I don’t know, four years, fine, or maybe 90 days, fine, whatever you decide. Again, it’s the problem that we don’t have any enrichment and context around our NHIs, and if we do, then it’s not an issue and we can do that. Who’s accountable for that? The application owner, and again, Entro is enriching that. But I have to
00:35:15
disagree, like when I was a CISO, yes, maybe the vendor is accountable for that, but at the end of the day my organization will be breached, and that’s why I’m also accountable and responsible for that. But yeah, let me add to that. The other thing is, I think it’s communication and working with the engineers that you have on staff, your network engineers, as well as, you know, your operations, whoever you have on hand, and working with the vendor, saying, yes, we have admin rights or we have
00:35:52
executive rights, this is what we have right now, let’s dwindle that and lock it down, the same as locking down ports and protocols, right. Yeah, so we had a question come in that I swear was written for you. You’re gonna be very excited to answer this. I know, I had to make sure that he wasn’t an employee of Entro. Not. What products and services are most effective for security professionals to use to see and manage non-human identities and reduce risk with them? Welcome, Security,
00:36:29
to the chat. Why don’t you give a little bit of an overview of how you guys help your clients with this issue? Yeah, so I’ve been a CISO, and afterwards I was responsible for the internal security at Microsoft, where we were breached by non-human identities twice, and I came to the realization that I don’t know how many non-human identities I have, the developers are getting them, I don’t know their permissions, I don’t know how they’re being used, they are definitely
00:37:03
not being rotated. And that’s basically what we’re solving at Entro. I truly believe that security teams need better visibility over their non-human identity landscape. They need to understand how many they have, they need the right inventory in place, they need the right enrichment in place in order to actually manage them and protect them. So that’s where we’re starting. We have six pillars that help organizations automate and secure the lifecycle of non-human
00:37:36
identities. The very first one is inventory, comprehensive inventory that will find all non-human identities wherever they are, even if they are only created and still in the resource, if they are vaulted, if they are exposed, we’re going to find them and add them to the inventory. And then we’re going to enrich each one of them, create a lineage map of which application is using the token to access what resources, and other vital data around them, like the human owner, like the permissions, like activities, rotation
00:38:05
times, everything you need to know to understand the blast radius of it. We’re actually calling it an AirTag for your non-human identities. And then again, once you have the inventory and once you have the classification part, you can do management, and that’s the third pillar: misconfiguration, static risk analysis around them, understanding their security gaps, so how many of them have not been rotated in a long time, how many of them have excessive privileges, and so forth. And then we’re doing the
00:38:38
NHIDR, non-human identity detection and response, which is active monitoring over them, the abnormal behavior part. And then five and six, we’re doing remediation, so we’re able to send the exposed ones to a secure location, we’re able to streamline the rotation for you guys. And then the sixth one is basically offboarding, which is about being able to offboard a token, disable it, delete it once it’s no longer in use. I’ll share another statistic over here: when we’re entering an environment, we usually see that about
00:39:13
40% out of all non-human identities are idle, stale: they are enabled, someone can use them, but no one is, and that means that on average, at least, you can decrease your attack surface by 40%, like that. So that’s the whole platform. I encourage you guys to go to our website, entro.security, you have all of the data over there. Fantastic, thank you, that was a good overview, and obviously, as I noted for everyone that’s viewing, you can click the handouts in the apps widget and there you can download a report from
00:39:47
Entro. Paul, Olivia, iik, anything regarding non-human identity that we didn’t touch on that you think is important to note or mention? I don’t have anything. I see some more questions in the chat, I don’t know if you want to address some of those. Yeah, you know, I’m all about it, we have a few minutes, so let’s do it. What’s the difference between a non-human identity and a secret, and are they sometimes… That’s a great question. So non-human identities, those are the
00:40:22
entities. You can think about them like the username for human identities, but non-human identities, those are the non-human entities, the permissions are over there, the activities are over there, and so forth. Secrets are the credentials of those non-human identities, and you can have different secrets, different credentials, for the same non-human identity. That’s actually how you’re doing rotation: you are creating two credentials and then deleting the first one and starting to use the second one. That’s a
00:40:52
rotation. So non-human identity, it’s basically the identity, the entity level, with the permissions and everything, and then the secret is the credential of that entity, and the secret is what applications are actually using in order to authenticate against the resource. Perfect, thank you for explaining that. Okay, so it looks like we’ve gotten everything addressed, everything we wanted to, all the questions answered, the handouts are available, we will be
00:41:23
sending this recording to everyone who’s participating, so you can share it with your colleagues as well, and I want to again thank Paul, Olivia, iik for joining me today, and of course Entro for partnering with us to produce this today. Thank you all. Thank you for having us. Thank you.