Enzoic, a leading provider of compromised credential screening solutions, released the latest version of Enzoic for Active Directory.
The product is the only Active Directory plugin to meet NIST 800-63b requirements for real-time blocking of unsafe passwords at set-up and provide continuous monitoring of those same passwords to ensure they don’t become vulnerable later. The service gives organizations new ammunition in the ongoing fight against the use of compromised passwords.
Across industries, organizations of all sizes rely on Microsoft’s Active Directory to manage access to networked resources. As such, the technology is frequently a top target for hackers who need only use a cracking dictionary or exposed credentials to gain unauthorized access to a user’s Active Directory account—and wreak havoc from there.
For example, 29 percent of the breaches studied in Verizon’s 2019 Data Breach Investigations Report involved the use of stolen credentials.
Enzoic for Active Directory helps organizations protect against this threat by screening users’ passwords against its proprietary database of compromised credentials, a continuously updated catalogue containing multiple billions of unique exposed user-name and password combinations.
A new feature of Enzoic for Active Directory 2.0 is Continuous Password Protection, which automatically triggers a response if a password becomes vulnerable. This capability enables Active Directory administrators to move beyond a static list of exposed credentials and periodic forced password resets.
It enforces password changes in response to real-time credentials exposures—a critical differentiator given that new credentials are compromised daily. A user password that was secure at creation might no longer be secure the next day.
If an unsafe password is detected, Enzoic can notify and automate follow up action—ranging from prompting the user to change their password upon the next login to instantly disabling the account, depending upon the organizations’ policies.
“To date, much of the password security surrounding Active Directory has focused on complexity rules and forced periodic or quarterly password resets,” said Michael Greene, CEO, Enzoic.
“These practices frustrate users and research has shown them to be ineffectual, as people tend to create much weaker passwords when faced with greater complexity requirements and forced password resets.
“Enzoic for Active Directory removes those burdens while simultaneously strengthening security. By screening passwords both at their creation and monitoring them on a daily basis, we’re giving our customers a leg up in their battle against unauthorized account access.”
Enzoic for Active Directory 2.0 enables compliance with NIST 800-63b in the following ways:
- Screening passwords against a list of commonly used passwords, passwords in cracking dictionaries, or compromised passwords.
- Password checks are performed when passwords are being created and continue to be performed daily on an ongoing basis against a live database, not a static list.
- If a compromised password is detected at creation or during monitoring, an immediate response is triggered.
- By continuously monitoring for the use of compromised credentials, organizations can stop enforcing periodic password resets, meaning that users only need to change their password if it is compromised.
“According to our primary research, more than 90% of organizations have experienced a violation of password policies in just the last year that has exposed the company to extreme financial consequences and business disruption,” noted Steve Brasen, research director with IT industry analyst firm Enterprise Management Associates.
“Enzoic’s approach ensures passwords continuously meet NIST regulations and business requirements while minimizing security administration efforts and related costs.”