Those of you who are familiar with STEALTHbits know that protecting credentials is in our DNA – there is no separating credential protection from a sane data protection strategy, the operative word being “sane”. Earlier this year we introduced the first iteration of our Enterprise Password Enforcer, a password policy enforcement tool for Active Directory. In the first release, we focused on creating a solution that was transparent and operationally friendly. It did not require reboots when updating policies or endpoint agents; it focused on preventing known compromised passwords from being used, effectively reducing password spraying attacks and keeping users from re-using what they think are otherwise safe passwords.
From the start, we knew we wanted our password enforcement tool to be much more. Around here the product teams have lofty goals; that is also in the STEALTHbits DNA. So in this update to StealthINTERCEPT, we incorporated the ability to filter and reject passwords based on complexity, length, keywords, expanded dictionary words, patterns, and more…
Why adopt these additional complexity requirements?
Let’s take a step back and address why it is necessary to revisit your current password policies. In 2016 the Verizon Data Breach Investigations Report (DBIR) stated that 63% of confirmed data breaches leveraged a weak, default, or stolen password. The following year, the 2017 Verizon DBIR reported that 81% of hacking-related breaches leveraged stolen and/or weak passwords. And in the 2018 DBIR, use of stolen credentials remains the number one action in breaches. Attackers have demonstrated a consistent ability to compromise accounts by leveraging passwords from prior breaches.
Additionally, Microsoft, based on billions of observed login attempts to its Azure cloud service, updated its password recommendations, as did the National Institute of Standards and Technology (NIST). Protecting credentials has always been part of our core mission here at STEALTHbits, and through our own observations we knew that incorporating AD Password Protection into our Threat Protection solutions was the right decision for our customers.
Incorporating a solution such as the STEALTHbits Enterprise Password Enforcer has the benefit of:
- Moving users towards adopting pass-phrases
- Reducing the threat of password spraying attacks
- Achieving NIST compliance
- Protecting hybrid environments that sync to Azure AD
- Accelerating adoption of best practices that reduce the frequency of password changes
If you would like to learn more or download a free trial, please visit our product page.
Gabriel Gumbs is the VP of Product Strategy at STEALTHbits Technologies, responsible for end-to-end product vision and innovation. With a 16-year tenure in cybersecurity, he has spent most of that time as a security practitioner, aligning security innovations with business objectives for Fortune 100 organizations. Gabriel is an information security thought leader, privacy advocate and public speaker.