Enzoic for Active Directory
Comply with NIST 800-63 with an easy-to-implement plugin that compares employee passwords against cracking dictionaries; exposed and commonly used passwords.
Continuous password protection helps prevent ongoing use of compromised passwords and remediation is fully automated.
With cracking dictionaries and credentials exposed in data breaches, it is easy for bad actors to attack Active Directory.
Enzoic enhances your existing password policies so they automatically restrict the selection of commonly-used, expected, or compromised passwords. It then provides continuous monitoring of those passwords to ensure they don’t become vulnerable later.
Enzoic meets the NIST 800-63b requirements for real-time detection of unsafe passwords and eliminating the need for periodic password expiration.
How it works:
Enzoic’s simple plug-in uses a standard password filter object to create a new password policy that works anywhere that defers to Active Directory, including Azure AD and third-party password reset tools.
When a new password is being created, a partial hash is evaluated against Enzoic’s massive, continuously updated database. A list of candidate hashes is returned for a local comparison and no data is stored by Enzoic.
If a password becomes unsafe, Enzoic automates remediation with configurable actions that include requiring password reset on next login.
How Enzoic for Active Directory Can Help
Harden new passwords
Enzoic enhances your password policies so they automatically restrict the selection of any password that was previously compromised, helping users avoid unsafe password according to NIST guidelines.
Reduce the attack window
As soon as Enzoic indexes a new breach or cracking dictionary, your organization is immediately protected. Our data is sourced from the public Internet and Dark Web and is updated continuously by proprietary automated processes and human threat intelligence.
Our services use a partial hash for your security. This allows you to check whether a given password is known to be compromised, without the exact password or hash leaving your environment.