Enzoic for Active Directory
Enable Password Policy Enforcement and
Secure Passwords with Daily Screening for Exposed Password
Complete Password Filtering and Monitoring
Enterprises can easily adopt NIST password requirements and eliminate vulnerable passwords in Active Directory with:
- Fully automated compromised password detection
- Custom password dictionary
- Blocking of username derivatives
- Fuzzy matching with common character substitutions
- Continuous ongoing monitoring
Try a quick free audit and check for your domain's password vulnerabilities.
View the 2-minute video above, or register to watch the full product demo.
How Enzoic for Active Directory Works to Secure Passwords
Enzoic for Active Directory makes detecting and eliminating compromised passwords in AD easy and frictionless with a simple plug-in.
Using a standard password filter object, Enzoic allows you to create a “set and forget” password policy to detect for password vulnerability in Active Directory, as well as hybrid Azure AD environments, and third-party password reset tools.
When a new password is being created, a partial hash is evaluated against Enzoic’s database to check to see if the password has been seen in a data breach, is easy-to-guess, is commonly used, or matches your configuration settings that may make the password vulnerable to your specific environment.
Daily monitoring against Enzoic’s continuously updated database then detects if a good password becomes unsafe. Enzoic automates remediation with a variety of configurable actions that include requiring a password reset.
Get started quickly by downloading and running the installation wizard on each domain controller.
Initial installation and configuration typically takes 15 minutes or less, though this may vary depending on the complexity of your environment.
“We selected Enzoic for Active Directory because it automates compliance with the NIST password guidelines and it can be installed in just a few minutes. It includes continuous exposed password filtering and if bad passwords are found, remediation is automated so it does not create any additional work for our IT team. The custom local dictionary in the newest version of Enzoic for Active Directory will enable us to block our company name, product names and some of the common words our employees may choose to use,” Said Peter Rios at Kingston Technology Company. “The experience is seamless for our users. It only impacts the users that are using bad or exposed passwords, all other accounts are protected without any additional friction.”
PETER RIOS, IT NETWORK MANAGER MANAGEMENT INFORMATION SYSTEMS, KINGSTON TECHNOLOGY
Enzoic For Active Directory Provides:
Periodic summary report for administrator
Updated password policy with blocking passwords containing: User's first or last name, user's login name and user's email
Customizable and brandable notification
Admin error reporting
One-click NIST compliance screen
Compromised user reporting
Root password detection
Breaches happen virtually every day. To stay a step ahead of hackers, a dynamic solution that addresses NIST guidelines and cross-references passwords against a continuously updated database is critical.
Microsoft Azure AD Password Protection may prevent simple password weaknesses, but misses attacks including: brute force, advanced persistent threats, and credential stuffing.
Enzoic for Active Directory is a comprehensive, dynamic solution that provides protection at the password layer. It draws on our proprietary database of multiple billions of unique exposed passwords and our dynamic list that is updated multiple times daily. Our approach ensures that passwords are cross-referenced against data from the most recent breaches and easily addressing NIST's real-time detection requirements.
NIST Password Standards
Screen for commonly used and compromised passwords to prevent people from selecting these easy to guess passwords.Read the White Paper
Using 2FA and MFA Effectively
The more layers of authentication, the more difficult it is for someone to access an account that’s not their own. However, 2FA and MFA have limitations: user friction, device compatibility, and cost.
The 451 Research’s Voice of the Enterprise survey data shows that MFA has risen very slowly, just 2% over the past 3 full years - from 51% to 53%. Therefore, nearly half of all organizations still primarily rely on passwords for authenticating users.
As credential theft continues to rise, what can be done to ensure password security?
Harden the password layer. Employ the policy of checking passwords against a blacklist of compromised credentials. This solution requires real-time, and continuous, checking of passwords to detect if and when credentials become unsafe. This helps organizations strengthen passwords without impacting the user experience.
Modern Identity and Access Management (IAM)
Responsibly enable user authorizations for enterprise applications, data, and IT services in a manner that meets enterprise security requirements while minimizing impacts on end-user productivity.
According to Enterprise Management Associates Contextual Awareness research, more than 60% of survey respondents indicated their organization had experienced a security breach in the last year, and the most frequent breaches involved passwords being compromised and malware attacks.
Unfortunately, passwords are the weakest link in enterprise security because they broadly rely on fallible human memory and practices.
Enzoic for Active Directory eliminates the burden of periodic password reset and improves security with its on-going password check against a continually updated list of compromised passwords.
Active Directory Resources
Automation Can Help Save The IT Team Time and Energy
The goal of Enzoic for Active Directory is to allow IT to set it up and then just let it run. When an existing password becomes vulnerable, the remediation steps are automated instead of manual intervention.
Enzoic for Active Directory can meet all the NIST password policy guidelines. It serves as a comprehensive, automated password blacklist that filters for weak, commonly-used, expected, and compromised passwords.
Organizations have unique needs, so automated responses can be customized when compromised or weak passwords are found. The organization can select the appropriate automated action and the timeline for that action. Alerts can also be sent to the user, the help desk and/or an admin.