Accounts with compromised credentials are highly vulnerable to ATO. Enzoic’s simple REST APIs lets you quickly determine which users’ passwords, or full credentials, are no longer secure. This allows you to only apply friction (such as step-up authentication or password reset) where and how it’s appropriate for your use case.
Enzoic is designed to exceed the most stringent requirements of enterprise security professionals. No password or hash ever leaves your Active Directory environment. The only data sent to Enzoic’s cloud service is a few characters from the hash. The service then returns candidate hashes for a local comparison. All data is transmitted over TLS 1.2 to our cloud-based infrastructure hosted by Amazon Web Service. Enzoic never stores any client data.