Transcript
00:00:00
Hello, welcome to another episode of the security sessions podcast. My name is Will Sutton, co-founder of Tether. Today I’m extremely excited to be joined by Itzik Alvas, the co-founder and CEO at Entro Security. For those of you that don’t know, Entro is the pioneer and global leader in the non-human identity security market, and they’re the only platform that supports non-human identity detection and response. Itzik, welcome. Thanks for joining me. Yeah, thank you. Thank you for having
00:00:34
me, Will. It’s a pleasure. Good stuff. How’s your week been going so far? Uh, great week. Busy. Uh, busy. Busy is always great. Yeah, absolutely. For sure. And well, look, obviously I know we’ve been speaking back and forth for a few months. You guys have been extremely busy. I know you went through your series A round last year and obviously hosting the global non-human identity summit in New York last month. So, been a bit of a delay uh to get you on here, but I’m sure you’ve got a
00:01:04
lot of interesting things to tell us. So, yeah. Uh genuinely, I’m extremely excited about this uh this episode. Just for the listeners and people that maybe, you know, haven’t met you before, do you mind just giving us a little bit of an introduction as to who you are? Uh yeah, for sure. Itzik Alvas. Uh currently based out of um Boston um originally from Tel Aviv, moved uh moved over here like um almost two years ago. Mhm. Uh I’m the CEO and co-founder of Entro Security. Entro helps
00:01:37
organizations to securely use uh non-human identities and secrets by uh managing and automating and you know managing their life cycle. Um I started my cyber journey back at the Israeli Defense Force at one of the uh intelligence units over there. I was actually doing offensive cyber back then. Uh but then after the service I moved to the uh public market and moved to uh defensive uh cyber so cyber security. Um that was after that was like almost 15 years ago. Uh so around 20 years in the industry. Um and then prior to Entro
00:02:17
I was responsible for the internal security of Microsoft. Microsoft have three main clouds. They have Azure cloud, they have Office cloud and they have Defender cloud. So I was responsible for the internal security under Defender cloud. Prior to that I was a CISO, chief information security officer, of uh the largest healthcare services uh company uh in Europe. Um so yeah you know when I was the CISO for the healthcare services company uh we were breached by a non-human identity uh like a month after migrating
00:02:52
to the cloud. Yeah. Um and then at Microsoft uh we were breached twice while I was there. So after like my third time uh being breached by non-human identities um I basically started uh started. I wanted to do something to like search for a solution that will help me to protect myself and the organizations that I work for against those types of attacks. I couldn’t really find anything. So, uh yeah, joined forces with Adam uh my co-founder. He was working for Broadcom at the time. They had an event around
00:03:26
non-human identities. We spoke for a bit and yeah, basically started uh started. Yeah. Interesting. I’ve spoken to a couple of founders actually that witnessed firsthand, you know, the damage that can be done from an attack or, you know, something similar and it then sparked the, you know, their journey to set up a company that could actually, you know, defend and prevent these things. So, obviously I gave a little bit of an introduction. We know, you know, Entro’s in the NHI space, but again, do you mind just giving us a
00:03:57
little bit more detail on exactly, you know, what it is you do at Entro Security? Yeah, sure. Um, so again we’re helping organizations to securely use them by uh automating uh securing and managing their life cycle. Um, but maybe let’s frame non-human identity for a second. Uh, so non-human identities are actually the entities uh or the identities that applications are using to authenticate and access services the application needs. Uh so if an application needs to use a database
00:04:33
they need to authenticate against that database and they will use a non-human identity in order to authenticate against the database. Uh if they need storage they will use a non-human identity to authenticate against that storage and so forth. Um so those are non-human identities. Basically you can think about them as credentials that or programmatic credentials that applications are using to access and authenticate against other resources. Yeah. Um and the main problem we’re seeing in the
00:05:01
industry around non-human identities is that usually developers, the ones who are writing those applications, are the ones who are creating them, permissioning them, uh using them and a lot of the time they are also scattering them around. So they can store them in a vault which is like an encrypted database. Uh but often organizations have at least five different vaults. So uh those non-human identities are scattered between different vaults but they’re also committed into code, sent over Slack, uh Teams messages, Confluence
00:05:32
pages and so forth and the number one, the biggest problem we’re seeing in the industry is that security teams don’t really know how many non-human identities they have and where they are and even if they find one um those non-human identities are long randomized strings. That means that even if, you know, a security practitioner will find one, you have no idea uh what it’s being used for, who created it, uh what application is using it to connect to what resource and when you combine that
00:06:02
we don’t know as security practitioners how many non-human identities we have, where they are or how they’re being utilized uh that’s why it’s really tough to basically protect them um and that’s why attackers really love them and today uh you know by IBM cost of uh data breach Verizon report um and other great industry reports. It’s the second most frequent attack vector out there and the number one most costly attack in organizations. So it’s a huge, huge
00:06:33
problem. Yeah, absolutely. And it sounds to me like there’s a big market there then. Definitely. So I’m sure you’re not short of problems or companies to help them. Absolutely. And I think the non-human identity, yeah, I think it’s a topic that people have heard about, but I think the way you just explained it there, it obviously makes it um a little bit easier to understand ultimately. Um so I guess why did you want to be a startup founder then? You know, I know you said
00:07:00
you’d experienced the breach yourself and your co-founder’s also seen something similar, but it’s not an easy journey as I’m sure you’re aware of. What is it that made you want to do this? Yeah, you know, I’m really obsessed about