Identity governance giant SailPoint has agreed to acquire Entro Security, an Israeli startup specializing in non-human identity (NHI) and secrets security, in a deal reported to be valued at approximately $200 million. The acquisition marks a significant expansion of SailPoint's platform beyond traditional human identity governance into the rapidly growing field of machine credential security.
What Is Entro Security?
Founded in 2022, Entro Security built a platform specifically for discovering, classifying, and securing non-human identities — the API keys, service accounts, OAuth tokens, machine certificates, and programmatic credentials that now vastly outnumber human accounts in enterprise environments. Research consistently shows that NHIs outnumber human identities by ratios of 10:1 or higher in cloud-native organizations, yet they often receive little governance oversight.
Entro's technology continuously monitors secret sprawl across source code repositories, CI/CD pipelines, cloud platforms, and SaaS applications, alerting teams to leaked credentials, over-permissioned service accounts, and stale secrets before attackers exploit them.
Why This Deal Matters
The acquisition addresses one of the most persistent gaps in enterprise security. While IGA platforms like SailPoint have long managed human identity lifecycles — provisioning, de-provisioning, access certifications — non-human identities have historically been an afterthought. Attackers have noticed.
Several high-profile 2025–2026 breaches, including the Trivy supply chain incident and multiple CI/CD pipeline compromises, traced back to stolen or poorly managed machine credentials. The Verizon DBIR 2026 highlighted credential theft as a top initial access vector, with NHI-related compromises contributing to a growing share of incidents.
By integrating Entro's capabilities, SailPoint gains:
- Secrets discovery and classification across cloud, code, and SaaS environments
- NHI lifecycle management for service accounts and machine tokens
- Risk-based alerts for leaked or over-privileged credentials
- Continuous monitoring that complements SailPoint's periodic access reviews
Market Context
SailPoint's move follows similar acquisitions in the identity space. CyberArk expanded into secrets management via Conjur and later acquired Venafi's machine identity business. Delinea has built NHI capabilities organically. The message from the market is clear: organizations need unified visibility over both human and machine identities.
Entro had previously raised approximately $30 million in a Series A round and had been growing quickly as enterprises grappled with secrets sprawl from microservices, DevOps toolchains, and multi-cloud deployments.
What Comes Next
SailPoint says Entro will enable it to enhance its Identity Security Cloud platform, though specific integration timelines have not been announced. The deal is expected to close subject to standard regulatory approvals.
For security teams, the strategic takeaway is straightforward: non-human identity governance is no longer optional. As machine-to-machine communication and automated pipelines become the backbone of software delivery, the credentials powering them represent a significant and underprotected attack surface that now has major vendors competing to address it.
Source: SecurityWeek