At its core, Enzoic is a massive cloud database of exposed credential data with web-based API services that help you protect your organization from compromised credentials. Organizations using Active Directory use Enzoic to keep vulnerable passwords out of your environment.
How does this service benefit my organization?
Nearly two thirds of data breaches involve weak or stolen login credentials, with substantial damage to reputation and financial loss. Enzoic hardens the password layer to keep you secure.
Where does the breached data come from?
The data is sourced from the public Internet and Dark Web and therein lies the problem: a cybercriminal can get this data and use it to threaten your organization. To maintain our database we use the combination of proprietary automated processes, submitted contributions and diligence of our threat intelligence team.
How large is your database?
The Enzoic compromised credential database contains multiple billions of carefully indexed records and is consistently being updated. All that said, you should be somewhat wary of firms quoting record counts because the same credentials tend to be found repeatedly across multiple sources.
Why aren’t strong passwords enough protection?
Strong password requirements may actually be part of the problem. The difficulty creating and remembering complicated passwords increases the temptation to reuse the same password. Read more about strong passwords.
Isn't multi-factor authentication sufficient?
Unfortunately, 2FA and MFA can be bypassed by hackers. Having more security layers is definitely better, but neglecting to protect passwords just weakens an essential layer. If your organization is investing in multi-factor (and the added effort that imposes on your users), allowing them to use known compromised credentials just doesn’t make sense.
How does Enzoic stay secure?
Enzoic is designed to exceed the most stringent requirements of enterprise security professionals. The credentials in our database are encrypted and only stored in a salted and strongly hashed format where we have absolutely no way of recovering the original data. And we never store submitted data; it is kept in memory on our servers only long enough to perform the database lookup and then the memory is zeroed out at the end of the call. Read more in our Security Overview
Can you meet our performance requirements?
Yes. Our cloud architecture is hosted by Amazon Web Services, the same environment used by some of the largest service providers. Typical response time for our API is sub 200 ms. Please contact us to review your high-performance and availability requirement.