Clutch Security

?? ?????????????? ?????? ?????????? ???????? Clutch is gaining serious traction - and it’s time to scale up. We’re excited to welcome four powerhouse additions to our go-to-market team: ?? Michael Ferrari – Regional Sales Manager, West Bringing deep expertise in driving security outcomes across complex enterprise environments. ?? Alex Graeber – GTM Specialist ?Fueling our growth engine - driving partnerships, pipelines, and strategic opportunities. ?? Brennan Manion – Regional Sales Manager, Southeast ?A trusted advisor to CISOs and a force in helping customers solve identity security challenges. ?? Edgar Ortiz – Head of Solution Engineering ?A technical leader with a sharp eye for translating security problems into real solutions with solid value. This crew is already making moves - and we’re just getting started. Welcome aboard! #GoToMarket #TeamClutch #NHI #NHISecurity

The Worst Assumption in Security? “?????? ???? ?????? ???????????? ???? - ?????????????? ?????? ???????? ????????????.” Especially when it comes to ??????-?????????? ???????????????????? ?? API keys, tokens, service accounts, secrets, and other NHIs are often: ?? Created for one-time use but never deleted ?? Hardcoded into scripts and forgotten ?? Given excessive privileges because ‘it’s easier that way’ But ?????????????????? ??????’?? ????????????. They find and exploit these credentials - often with zero detection. It’s time to stop relying on static, long-lived credentials that are easily forgotten and create security risks. Instead - when possible - shift to ??????????????????, ????????-???????????????? ???????????????????? that minimize exposure windows and limit attacker opportunities. ?? ?????????????? ??????? Our NHI Index provides ???????????????????? ???????????? ?????? ???????????????????? ?????????? ??????. ?? Dive in: https://lnkd.in/e3UBxDXw ?#NHI #NHISecurity #IdentitySecurity #ZeroTrust

???? ???????????????????????? ???????????? ?????? ???????????? ???????? - ???????? ???????? ?????????????????? ????????! We planted AWS access keys across different destinations and scenarios. The result? Some were exploited in seconds. When we shared part of our research on leaks to public developer forums, ?????? ??/???????????? ?????????????????? ?????? ???????????? ???? ??????.? ?????? ?????? ????????????????? ?????????????? ???? ?????? ???????? ??????’?? ?????????? ?? ????????????. ?? See what Reddit, Inc. had to say in the carousel → The real question: Are your secrets already exposed without you knowing? Learn how attackers find and exploit leaked credentials - and why secret rotation alone won’t save you. ?? Download the full report: https://go.clut.ch/9c #NHISecurity #DebunkingRotations #AWS #CloudSecurity #SecretsManagement?

Clutch Security ???????????????????? ???? ???????????? ???????????????? ???? ?????????????? ?????? ???????? ??????????????? The March 2025 Gartner report, ???????????????????? ??????????????: ?????????????? ???????????????? ???????? ?????????????? ???????????????? ?????? ???????????? ????????????????????, notes, “The visibility and observability provided by machine IAM is essential for maintaining robust and efficient systems in today’s dynamic IT environments. By implementing continuous discovery, organizations can ensure that all assets, including hardware, software and network components, are consistently identified and cataloged, providing a comprehensive and up-to-date inventory.” ????’???? ?????????? ???? ???? ???????????????????? ???? ???? ?????????????? ????????????! How Clutch is Redefining Machine IAM: ? ?????????????????????????? ?????? ?????????????????? & ?????????????? – Complete visibility across environments with deep context into every NHI. ? ?????????????????? ????????????????????, ?????????????????? & ???????? ???????????????????? – Actionable and prioritized risk mitigation with predefined remediation playbooks. ? ????????-???????? ???????????????????? & ???????????? ?????????????????? – Detecting and stopping misuse before it leads to breaches. ? ???????? ?????????? ???????????????? – Continuous validation of every NHI interaction and strict least-privilege enforcement to minimize the attack surface. Want to see it in action? Let’s talk: https://lnkd.in/eQrcAiPr ?? Gartner subscribers can dive into the full report: https://lnkd.in/eKmWXNVx ????????????????????: ?????????????? ???????? ?????? ?????????????? ?????? ????????????, ??????????????, ???? ?????????????? ???????????????? ???? ?????? ???????????????? ???????????????????????? ?????? ???????? ?????? ???????????? ???????????????????? ?????????? ???? ???????????? ???????? ?????????? ?????????????? ???????? ?????? ?????????????? ?????????????? ???? ?????????? ????????????????????????. ?????????????? ???????????????? ???????????????????????? ?????????????? ???? ?????? ???????????????? ???? ??????????????’?? ???????????????? ???????????????????????? ?????? ???????????? ?????? ???? ?????????????????? ???? ???????????????????? ???? ????????. ?????????????? ???? ?? ???????????????????? ?????????????????? ?????? ?????????????? ???????? ???? ??????????????, ??????. ??????/???? ?????? ???????????????????? ???? ?????? ??.??. ?????? ?????????????????????????????? ?????? ???? ???????? ???????????? ???????? ????????????????????. ?????? ???????????? ????????????????.

Big things are happening at Clutch Security, and we’re excited to welcome three incredible new team members who are helping us push the boundaries of Non-Human Identity Security! ?? Andi Rave, Head of Design – Crafting seamless, intuitive experiences to make security simple and usable. ?? Guy Balas, Full-Stack Engineer – Building and scaling the tech that powers our platform. ?? Rewanth Tammana, Security Researcher – Uncovering the latest threats and vulnerabilities in the wild. Each of them brings deep expertise and fresh perspectives that will help us continue redefining how organizations secure their NHIs. ?????????????? ???? ?????? ????????! ?? #NHI #NHISecurity #WelcomeToTheTeam #BestTeam

?? ????????????????-?????????? ?????????????? ???? ????????????????????????????-?????????? ?? Traditional security tools focus on specific infrastructures (Cloud, SaaS, etc.), but NHIs don’t stay in one place. NHIs move across platforms, while traditional security controls stay locked inside them. That’s a dangerous disconnect. The challenge: ?? Traditional tools like CSPM and SSPM focus on infrastructure, not the identities moving through it. ?? NHIs dynamically jump across environments, creating security blind spots. ?? Security policies break down at environment boundaries, leaving inconsistent protection. Clutch Security’s approach: ?????????? ?????????? ???? ???????????????? ?????? ???????????????? Clutch redefines NHI security by following the identity itself - securing it wherever it operates. ?? ?????????????? ???????????????????? – Discover NHIs across cloud, SaaS, CI/CD, code, on-prem, and vaults. ?? ???????????????? ???????????????????? – Secure NHIs across all platforms and environments. ? ???????????????????? ???????????????? – Security travels with the identity, even as infrastructure changes. This is one of our key principles - because true NHI security isn’t about securing where identities live, ????’?? ?????????? ???????????????? ?????? ???????????????????? ????????????????????. ?? Explore our approach here: https://go.clut.ch/6ce #CyberSecurity #NHISecurity #ZeroTrust #IdentitySecurity?

???????????????????? ?????????????????? ?????????????? ???????? ?????? ???????????? ????-?????????????? ???????????? By now, the recent tj-actions/changed-files compromise has been widely publicized. Just in case you missed it, this popular Action, which is used in more than 23,000 repositories, was compromised, and resulted in the exfiltration of secrets used within organizations' CI/CD pipelines. Attackers injected malicious code to expose sensitive credentials in the build logs, potentially leaking API keys, tokens, and other critical NHIs. Even worse, they tampered with multiple version tags, making detection even harder. While GitHub has now removed the action, the real question remains: ?????? ?????? ?????? ???????????????????? ????????????? The maintainers of tj-actions still cannot confirm the exact attack vector, but did mention that all evidence points to a compromised ???????????????? ???????????? ?????????? (??????). Was it a classic PAT? A Fine-Grained PAT (FGPAT)? The difference between the two is critical - GitHub does not log many operations performed using a Classic PAT. The lack of clear answers and the fog around trying to uncover what happened shows a bigger issue: Many vendors provide limited visibility into NHI activity, ?????????????? ?????????? ?????????? ???? ?????????????? ?????? ???????????????????? (a major focus of our upcoming report - stay tuned!) So what can be done better? Consider these alternatives if you are still using PATs in your environment: ?? ?????? ???????? ?????? ????/????: GitHub Actions can issue ephemeral OIDC tokens, eliminating the need for stored credentials. ?? ???????? ???? ???????????? ???????? ???????? ??????????-?????????? ???????????????????????? ????????????: These expire quickly (typically within an hour), reducing exposure. ?? ?????????? ?? ???????? ?????????? ???????????????? ???? ???????? ??????????????????: No pipeline should be inherently trusted - continuous validation is key, even for the most internal areas in your environment. Incidents like this reinforce the need for a ???????? ?????????? ???????????????? ???? ?????? security. NHIs are the backbone of modern enterprises, but without better controls, they remain an easy target. #NHI #NHISecurity #GitHubAction #ZeroTrust #OIDC

?? ???????????????? ?????????? ??????????????’?? ???? ?????????????????? ???? ?????????? ?????????? ?? When security teams lack the tools to act independently, risks stay exposed longer, incident response slows, productivity across teams takes a hit, and the entire business feels the friction. Security needs to move at the speed of threats — not the speed of internal handoffs. The challenge: ?? Security teams rely on IT & Engineering to manage NHIs and apply critical controls. ?? This creates delays in risk mitigation and slows incident response. ?? Security teams need direct control to enforce policies without friction. Clutch Security’s approach: ?????????????? ???????????????? ?????????? ???? ?????? ?????????????????????????? Clutch removes cross-team dependencies, giving security teams the power to implement and manage NHI controls autonomously — using Zero Trust and Ephemeral Identities to enhance security at machine speed. ? ?????????????????????? ???????????? – Security teams can enforce policies without IT or DevOps. ?? ?????????????????????? ???????????????????? – Automated workflows accelerate response times. ?? ???????????? ?????????????? – Implement, monitor, and manage security without bottlenecks. This is one of our key principles - because ???????? ?????? ???????????????? ?????????? ???????????????? ?????????? ?????? ?????? ???????? ????????????. Explore our approach here: https://go.clut.ch/xs6 #CyberSecurity #NHISecurity #ZeroTrust #IdentitySecurity?

?? ?? ?????????? ???? ???????? ???????????? ?????????????? ?? Vaults are a critical component in security, but they only store secrets. They don’t detect misuse, don’t analyze behavior, and don’t provide context on how NHIs are being used. The challenge: ?? Vaults secure secrets, but can’t detect threats. ?? NHIs exist and operate outside vaults, leaving blind spots in security. ?? No real-time analytics means security teams lack visibility into misuse. Clutch Security’s approach: ???????????????? ???????????????????? ???? ???????? ?????? ?????????? ?????????? NHI security goes beyond just storing secrets - it requires continuous monitoring and protection of NHIs across all environments, both inside and outside vaults. ?? ???????? ???????????????????? – Know who, where, and how NHIs are being used. ?? ?????????? ?????????????????? – Detect anomalies and stop threats in real-time. ?? ???? ???????????? – Prevent attacks with Zero Trust controls, continuously validating every interaction. This is one of our key principles - ?????????????? ???????? ?????? ???????????????? ??????’?? ?????????? ?????????????? ??????????????, ????’?? ?????????? ???????????????? ???????? ???? ??????. ?? Explore our approach here: https://go.clut.ch/ra5 #CyberSecurity #NHISecurity #ZeroTrust #IdentitySecurity

?? ????’?? ?????? ?????????? ?????????? ?? NHIs often operate with almost no guardrails — running from anywhere, without proper validation. That’s a massive security gap. If security teams don’t establish trust in where, how, and when NHIs are used, attackers will find those blind spots first. The core problem: ?? NHIs lack built-in controls or restrictions, making them easy targets. ?? NHIs are scattered across environments, leading to fragmented security. ?? Security teams have limited visibility into who is using NHIs and how they’re being used. ??Clutch Security’s Approach: ???????? ?????????? ?????? ?????????? ?????? ???????????????? Instead of assuming NHIs can be trusted by default, Clutch applies Zero Trust validation to every interaction — ensuring only verified and properly used NHIs can operate. ?? ???????????????? ???????????????? - Every NHI is validated before it’s allowed to run. ?? ???????????????????????????? ???????????????????? – Clutch attributes who, where, and how NHIs are being used. ? ??????????-?????????? ???????????? – Only verified NHIs can interact with your critical assets. This is one of our key principles - because true NHI security isn’t just about managing access, it’s about establishing trust at every step. ?? Explore our approach here: https://go.clut.ch/zn4 #CyberSecurity #NHISecurity #ZeroTrust #IdentitySecurity