Enzoic for Active Directory
Enzoic for Active Directory enables password policy enforcement and daily exposed password screening. With a fully automated weak password filtering, fuzzy password matching, password similarity blocking, and customer password dictionary filtering; enterprises can easily adopt NIST password requirements and secure passwords in Active Directory.
With cracking dictionaries and exposed credentials, it is easy for bad actors to attack Active Directory.
Enzoic enhances existing password policies so they automatically restrict the selection of commonly-used, expected, or compromised passwords. It then automates continuous password monitoring to ensure those passwords don’t become vulnerable later.
Enzoic aids with NIST 800-63b requirements for real-time detection of unsafe passwords and eliminating the need for periodic password expiration.
How It Works
Enzoic’s simple plug-in uses a standard password filter object to create a new password policy that works anywhere that defers to Active Directory, including Azure AD and third-party password reset tools.
When a new password is being created, a partial hash is evaluated against Enzoic’s massive, continuously updated database. A list of candidate hashes is returned for a local comparison and no data is stored by Enzoic.
If a password becomes unsafe, Enzoic automates remediation with configurable actions that include requiring password reset on next login.
Complete Password Filtering and Monitoring in Active Directory
√ COMMONLY-USED PASSWORDS
Prevents the use of common dictionary words and passwords.
√ EXPECTED PASSWORDS
Blocks the use of expected passwords with fuzzy password matching.
√ SIMILAR PASSWORDS
Detects and blocks a root password that gets changed by a few characters from the old password.
√ CONTEXT-SPECIFIC PASSWORDS
Blocks the use of context-specific passwords with the custom password dictionary.
√ EXPOSED PASSWORD PROTECTION
Daily screening for compromised passwords because new passwords are exposed every day.
What Type of Visibility Into Password Screening Is Available?
Enzoic for Active Directory has also incorporated additional insights into the product. It has enhanced usage tracking so Active Directory administrators can see the total number of detections, including the number of detections due to fuzzy matching, local dictionary or password similarity matching. With log files now stored in a JSON format, outside consumption by SIEM and log management tools can help streamline reporting.
How Enzoic for Active Directory 2.5 Can Help
Fresh Exposed Password Data
Enzoic indexes newly compromised passwords on a daily basis so your organization is immediately protected. Our data is sourced from the public Internet and Dark Web. It is updated continuously by proprietary automated processes and human threat intelligence.
End Forced Password Reset
By continuously monitoring for compromised credentials, organizations can stop enforcing periodic password resets, meaning that users only need to change their password if it is compromised. This reduces IT help desk costs and improves security because users will choose better passwords if they don’t have to change them frequently.
Continuous Password Monitoring
Enzoic for Active Directory allows for real-time blocking of unsafe passwords at set-up and then automatically provides continuous monitoring of those same passwords to ensure they don’t become vulnerable later. This is essential because a password that was safe yesterday, may not be safe today.
Automation Can Help Save The IT Team Time and Energy
The goal of Enzoic for Active Directory is to allow IT to set it up and then just let it run. When an existing password becomes vulnerable, the remediation steps are automated instead of manual intervention.
The most recent version of Enzoic for Active Directory can meet all the NIST criteria. It serves as a comprehensive, automated password blacklist that filters for weak, commonly-used, expected, and compromised passwords.
Organizations have unique needs, so automated responses can be customized when compromised or weak passwords are found. The organization can select the appropriate automated action and the timeline for that action. Alerts can also be sent to the user, the help desk and/or an admin.