SailPoint’s $200 million acquisition of Israeli startup Entro Security is a defining moment for the non-human identity management market — and a signal that the consolidation phase of the NHI security sector has begun in earnest. Entro, founded in Tel Aviv and built around the challenge of governing secrets and machine credentials at enterprise scale, brings a focused and technically mature NHI capability into SailPoint’s broader identity governance platform.
The Israeli cybersecurity ecosystem has produced a disproportionate number of identity and access management innovators, and Entro represents the maturing of NHI security as a distinct discipline within that ecosystem. The company’s approach centres on the reality that secrets — the credentials that bind machine identities together — are the most exploited and least governed assets in the modern enterprise. API keys rotate infrequently or not at all. Service account tokens accumulate permissions over time. OAuth grants persist long after the applications that requested them have been decommissioned.
Entro’s technology addresses these governance gaps with a platform designed specifically for the machine identity lifecycle: discovery of secrets across cloud environments, code repositories, and CI/CD pipelines; classification of secret types and associated risk levels; entitlement analysis to identify over-privileged machine credentials; and lifecycle management tooling to enforce rotation, expiry, and revocation policies.
The $200 million valuation reflects both the maturity of Entro’s technology and the urgency of the market problem it addresses. Non-human identities now outnumber human users by significant margins in most enterprise environments. Every cloud workload, every containerised application, and every AI agent that organisations deploy adds to the machine identity footprint — and to the secrets that authenticate those identities against the systems they access.
For the NHI security market, the acquisition validates the investment thesis that secrets management and machine identity governance are not peripheral concerns — they are core infrastructure for enterprise security programmes. The organisations best positioned to weather the next wave of identity-based attacks will be those that have already built comprehensive governance over their non-human identity estate.
SailPoint’s acquisition of Entro is a clear statement of intent: the future of identity governance is unified, covering human and non-human identities within a single platform, with the depth of NHI capability that the machine identity challenge demands.
Source: The Jerusalem Post