Saturday, December 14, 2024
HomeCyber Security NewsEntro Security Labs Releases Non-Human Identities Research Security Advisory

Entro Security Labs Releases Non-Human Identities Research Security Advisory

Published on

SIEM as a Service

Analysis of millions of real-world NHI secrets by Entro Security Labs reveals widespread, significant risks, emphasizes need for improved Secrets Management security practices   

Entro Security, pioneer of the award-winning Non-Human Identity (NHI) and Secrets Management platform, today released its research report, “2025 State of Non-Human Identities and Secrets in Cybersecurity.” The Entro Security Lab found that 97% of NHIs have excessive privileges increasing unauthorized access and broadening the attack surface, and 92% of organizations are exposing NHIs to third parties, also resulting in unauthorized access if third-party security practices are not aligned with organizational standards. Surprisingly, 44% of tokens are exposed in the wild, being sent or stored over platforms like Teams, Jira tickets, Confluence pages, code commits and more. Such practices put sensitive information at serious risk of being intercepted and exposed–the root of all secrets and non-human identity breaches. 

Entro Security Labs’ research reveals alarming trends in the handling of both human and NHIs, with significant misconfigurations and risks prevalent across organizations. Key findings include: 

- Advertisement - SIEM as a Service
  • For each human identity, there are an average of 92 non-human identities. An overwhelming number of non-human identities increases the complexity of identity management and the potential for security vulnerabilities 
  • 91% of former employee tokens remain active, leaving organizations vulnerable to potential security breaches 
  • 50% of organizations are onboarding new vaults without proper security approval which can introduce vulnerabilities and misconfigurations from the outset 
  • 73% of vaults are misconfigured, also leading to unauthorized access and exposure of sensitive data and compromised systems 
  • 60% of NHIs are being overused, with the same NHI being utilized by more than one application, increasing the risk of a single point of failure and widespread compromise if exposed 
  • 62% of all secrets are duplicated and stored in multiple locations, causing unnecessary redundancy and increasing the risk of accidental exposure 
  • 71% of non-human identities are not rotated within the recommended time frames, increasing the risk of compromise over time 

Additional findings are discussed in the report and reveal a critical need for organizations to reassess their NHIs and secrets management practices.  

Data from this report has been collected using a mixed-methods approach, integrating quantitative data analysis with qualitative insights derived from industry observations. The quantitative component focuses on statistical analysis of security incidents and vulnerabilities, while the qualitative aspect provides context and interpretation of these findings within the broader cybersecurity landscape. The data sources include proprietary data from Entro’s cybersecurity infrastructure, secondary data from publicly available industry reports and survey data from IT and security professionals. 

Entro’s complete research report on non-human identities is available on their website. 

To learn more or schedule a demo, please visit https://entro.security/demo/.  

About Entro Security 

An award-winning pioneer platform, Entro Security provides Non-Human Identity Lifecycle Management, Secrets Security and Non-Human Identity Detection and Response. Unlike traditional methods that reactively scan for exposed secrets, Entro integrates seamlessly within an organization’s existing vaults, and secret creation and exposure locations, offering a single pane of glass to securely use and manage non-human identities and secrets at scale. Headquartered in Boston and backed by top cybersecurity VCs, Entro was named a Cool Vendor by Gartner, Venafi’s Most Promising Machine Identity startup and is a 2023 Globee Awards Winner for Startup Achievement of the Year. For more information, please visit https://www.entro.security

Contact
  • Senior Account Executive
  • Hannah Sather
  • Montner Tech PR
  • hsather@montner.com

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Nigerian National Extradited to Nebraska for Wire Fraud Charges

United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria...

Dell Security Update, Patch for Multiple Critical Vulnerabilities

Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose...

CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities...

FBI Seizes Rydox Marketplace, Arrests Key Administrators

The Federal Bureau of Investigation (FBI) announced the seizure of Rydox, an illicit online...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Nigerian National Extradited to Nebraska for Wire Fraud Charges

United States Attorney Susan Lehr announced the extradition of Abiola Kayode, 37, from Nigeria...

Dell Security Update, Patch for Multiple Critical Vulnerabilities

Dell Technologies has released a security advisory addressing multiple critical vulnerabilities that could expose...

CISA Issues 10 New Advisories on Industrial Control System Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued ten critical advisories, highlighting vulnerabilities...