Entro Security

What do you like best about the product?

Everyone makes mistakes, and some could mean leaking a secret to the world. As we knew secrets existed in our codebase and platforms, Entro has helped us increase the visibility of these secrets and take the appropriate actions. Accidental leakage of secrets is inevitable; the key is to promptly address and remediate these leaks when they occur. Leveraging Entro, we're able to reduce the mean-time-to-respond to any future leakage. In addition to that, by marrying the power of Entro together with that of Elastic, we're able to generate metrics and increase secrets management best practices across the different Elastic teams.

What do you dislike about the product?

As a rapidly evolving platform, we sometimes see new features rolled out that require minor adjustments to our existing workflows. However, the Entro team is consistently responsive and supportive in helping us adapt, ensuring any transitions are smooth.

What problems is the product solving and how is that benefiting you?

Primarily, it addresses the pervasive problem of exposed secrets in our CI/CD and code locations. Furthermore, Entro has provided us the ability to identify and promote the revocation of idle and unused non-human identities across critical platforms such as AWS (IAM tokens), and GitHub (PATs), significantly reducing our attack surface. It also automates the crucial review process for NHIs belonging to former employees. The platform's proactive approach has allowed us to drastically reduce our overall exposure to compromised secrets, streamline disablement, and enforce regular rotation, ultimately enhancing our overall security posture and operational efficiency.

We mainly use the solution to scan five platforms: Confluence , Jira , SharePoint , Slack , and GitLab . We use it to detect developers posting secrets in plaintext.

When developers post credentials in plain text in their code or documents, it creates an attack surface that can impact our organization. If we are being breached, that makes it very easy to find passwords, and once they have a password, they can take strong actions. We do not want random people to be able to take such strong actions when they are not allowed to or should not do it. Entro Security  is basically helping us detect violations of developers, and we then force them to delete the stored credentials.

Reduction in the attack surface is the main benefit. We have not worked with it much yet, but so far, it has been good. It can be improved a bit more in the future, but so far, we have just scratched the surface with Entro Security .

Entro Security has helped develop a better culture among developers. They are willing and starting to use something called Vault to store credentials, and they even do it without us telling them. In the past, they used to post everything like in ClearText, whereas now, they are voluntarily migrating the information to Vault. I am pretty sure it is because Entro Security is also annoying them. Every  time there is a finding, we ping them via Slack . The ping comes from Entro itself. They do not want to be bothered by messages. They do not want to be seen as a bad employee, so they are using it on their own.

It is not hard for us to establish behavioral baselines for non-human identities (NHI) in Entro Security.

It is important that Entro Security’s detection and mitigation of NHI threats is done in real-time. It is becoming a worldwide issue, not only in our company. So many companies are trying to solve this issue where developers are posting credentials in plain text. It is of very high priority. It is not critical, but it is highly important.

Entro Security has improved visibility, revealing the extent of our credential issues, where strong credentials like admin accounts were found in plaintext in numerous projects. We have more visibility and control. We got to know that the issue was much bigger than we thought. We thought that only one out of ten projects would have some kind of password, but we found more than five to seven projects having plain text credentials. The credentials stored were of strong accounts. They had put admin account information in plain text. We did not think it would be this severe. We thought that, at worst, they would be some maintainer credentials, but they were using full admin credentials in their code and had put them just in plain text.

Entro Security has helped improve our organization’s security posture.

Entro Security has decreased our exposure to risk. It reduces exposure from the inside, not from the outside.

They are very helpful and responsive. They acknowledge issues, take feedback seriously, and implement features based on user requests.

The product provides valuable features such as revalidation, which is helpful for the full automation of our process without the need for human interaction. If a secret is deleted, it conducts a revalidation to ensure deletion. 

The detection of generic content or custom data specific to our company needs improvement. It has trouble detecting unique patterns of secrets.

In terms of new features, they already gave us the ability to decrypt the password so that we can send it to be revalidated. The only feature pending from their side is for sending alerts to Webhook instead of Slack. We gave them this request only a week ago.

We have been using the solution for at least one year. I have personally been working with Entro Security for a few months. Prior to that, someone else was working on Entro Security. I have not had enough time to explore everything.

I find the solution to be very stable.

I believe the solution is scalable.

It is being used across the whole company. We have about 8,000 to 10,000 users.

The customer service is very good, as the team is familiar with the tool and helps solve issues quickly. They implement requested features and fix issues promptly.

Positive

We used a free open-source one before, which was not effective. We did not have any NHI solution prior to this.

We use the cloud and on-premise versions.

The initial setup was not hard. The cloud one is easier. The on-prem is a bit more complicated, but there are no major issues with that because they also provide support for deployment.

In terms of implementation strategy, they provided some guidelines, but from our side, we knew which sources had the most risk and most credentials. We implemented it there first. We focused on high-risk sources first and gradually expanded.

The deployment was done in-house with assistance from the vendor. They helped us with the deployment, but most of the strategy was ours. Two people were involved in the deployment.  

In terms of maintenance, sometimes we need to update versions. We have two people involved in its maintenance.

I cannot quantify the cost savings, but there is a return on investment through time savings, automation support, reduced workload, and improved security practices.

I am not aware of other solutions that were evaluated before choosing this one.

I would advise trying to automate as much as possible. I would recommend this tool to others because their support is excellent. 

I would rate Entro Security a seven out of ten.

I am a Security Engineer at a company called Regatta. We started using Entro Security  to address a request from one of the head developers to gain control over secrets and identities. 

We initially found only ten identities after a month of manual work. However, Entro Security 's free evaluation managed to find thousands of secrets, which was a game-changer for us. It became a necessity to use Entro Security for our cybersecurity needs, and it has now evolved into a proactive measure for our organization.

The top features of Entro Security that stand out are its ease of onboarding and discovery. Integration takes minutes, and it quickly scans resources like Azure , Teams, Slack , Confluence , and Jira . 

It provides clarity in the way secrets are displayed, alert mechanisms, and customized alerts like creating tickets on Jira  or sending messages on Teams or Slack . Meanwhile, the support team at Entro is magnificent, offering invaluable insights and assistance.

Entro Security could benefit from improvements in IAM  control to allow segregation of duties among developers. Providing a more modular alerting system to have proactive measures without extensive communication with engineers would also be an improvement. While the basic alerts work, a more customizable alert system would be a plus.

I have been using Entro Security for two years.

Entro Security is very stable. I have never experienced downtime and every feature works as expected. The platform is reliable.

The scalability of Entro Security is seamless. Connecting it to services like GitHub  or Teams at an organizational level ensures all projects are instantly added, demonstrating excellent scalability.

The customer service and support provided by Entro Security are excellent. They have a can-do attitude and never say no. The support team is always helpful and provides all the necessary services.

Neutral

We didn't use any previous solution before Entro Security. We evaluated competitors like Oasis Security and Trufflehog, however, Entro Security's white paper was superior, and their free trial setup was quick.

The initial setup was very easy, taking about an hour including the initial call. The hands-on part of enrolling services like Azure , GitHub , Teams, Slack, and DevOps took only 10 to 15 minutes.

Entro Security is not the cheapest solution. However, I am willing to pay for quality cybersecurity products. We received a good discount this year, which significantly reduced the price. Next year, we may review licenses for better pricing or explore competitive options.

We evaluated Oasis Security and Trufflehog before choosing Entro Security.

Overall, I would rate Entro Security a ten out of ten. 

I recommend it because of its excellent customer service, seamless scalability, and the proactive security measures it provides.

Public Cloud

Microsoft Azure