Enzoic, a leading provider of compromised password security solutions, released the latest version of Enzoic for Active Directory. The automated tool screens and identifies employees that are using compromised or weak passwords, helping organizations reduce insider risks from poor password hygiene. It is the only Active Directory plugin with 1-click NIST password guideline compliance.
Insider threats continue to increase with Verizon’s 2019 Data Breach Investigations Report identifying that 34 percent of all breaches in 2018 were caused by insiders, up from 28 percent in 2017.
Organizations need a way to identify and mitigate the growing risk from employees and their use of risky passwords. With Microsoft Active Directory being the primary solution for access to network resources, Enzoic provides IT teams with an automated solution that identifies users with compromised passwords, helping mitigate the risks from within.
Enzoic for Active Directory provides either 1-click NIST password guideline compliance or fully customized settings. The setup wizard can guide the administrator through configuring the different application options. These include fully automated common password screening, fuzzy password matching, password similarity blocking, and custom password dictionary filtering.
Enzoic can now also look for a “root” password, meaning it can detect if a password is just changed with appended and prepended characters. In addition, Enzoic provides organizations with visibility into which users are deploying compromised credentials.
“Insider threats are a rapidly growing threat vector and organizations need an automated solution to pinpoint employees that are using exposed passwords,” said Mike C. Wilson, Founder, and CTO, Enzoic.
“Preventing the use of compromised passwords and enforcing a secure password policy are vital weapons in the battle against insider threats. Enzoic for Active Directory provides organizations with the ability to easily secure and enforce password policy.”
“Our recent primary research indicates more than 60% of businesses experienced a security breach in the last year, and the most frequent breaches involved compromised passwords,” noted Steve Brasen, Research Director with IT industry analyst firm, Enterprise Management Associates.
“Enzoic for Active Directory ensures passwords continuously meet even the most stringent security and compliance requirements while simplifying management processes.”
The latest version of Enzoic for Active Directory incorporates a dashboard widget that highlights if the settings follow requirements from NIST 800-63b, which includes settings that enable password checks during password resets, reject common passwords, include fuzzy password matching, turn on continuous password protection, and create a custom password dictionary.
The solution is simple to install and once the setup is complete it continually runs in the background without requiring additional IT support.
Additional feature enhancements in Enzoic for Active Directory include:
- Root password detection will check user passwords for so-called “root” passwords that are common or compromised. It does this by removing trailing numbers and symbols that users often will use to prefix or suffix a password.
- Monitored users reports allow organizations to have visibility into which employees are using exposed passwords. It includes a report displaying the status of all protected user accounts and clearly indicates compromised accounts.