Today, Specops Software, an Outpost24 company, has announced the launch of its new continuous scanning capabilities within Specops Breached Password Protection. The feature will now enable security administrators to continuously monitor Active Directory for compromised passwords or those exposed on the Dark Web and prevent password reuse within the enterprise in real-time. The feature is available now to all Specops Breached Password Protection customers.
Passwords continue to represent a persistent risk for all businesses, regardless of size, location and industry. In fact, Microsoft revealed that it deflects over 1,000 password attacks every second.
It’s a complicated situation – IT teams often don’t have control or visibility into the password policies of every app of website their users make use of in the course of doing business, and users often continuously reuse passwords when creating new accounts in their work and personal lives. The likelihood of an attacker taking advantage of exposed credentials is therefore increased. If users continue to reuse passwords in their work and personal lives, it could allow a hacker to gain unauthorised entry to a user’s Active Directory account when those accounts are breached, which puts the entire organisation at risk.
Complicating the risk organisations face is the trend of eliminating password expiry paired with only checking for compromised password use at change or reset events. Without regular expiry, organisations utilising tools that lack continuous monitoring are removing the majority of their compromise checks. Zero expiry periods also give their users more opportunities to reuse their active work passwords in various SaaS in work and personal lives, increasing the chance an attacker could make use of a reused password.
With true continuous scanning, Specops Breached Password Protection identifies and blocks the use of weak or vulnerable passwords whenever a password is changed, reset or when the daily scan takes place, forcing the user to replace that password at the next login (if enforcement is configured). Having near-immediate protection of compromised passwords can mean the difference between a password being exploited or not.
Continuous scanning for breached passwords is a feature included within Specops Breached Password Protection, an add-on for Specops Password Policy which is the comprehensive Active Directory password management system that enhances, enforces and extends password security for the entire organisation. Specops Software continuously monitors and checks against a daily updated database of 3 billion unique passwords in Specops Breached Password Protection. The database automatically acquires intelligence from password leaks, data breaches and honeypot data from live attacks – offering true real-time password protection for businesses.
“Password security continues to be a concern for IT security teams and our own research has shown that passwords continue to be a weak link in security,” said Darren James, product manager at Specops Software. “A critical way to combat this issue effectively is with a layered approach to security that contains continuous password scanning. Security must be constant and consistent. By monitoring which Active Directory passwords are being used in real-time, we can greatly mitigate the risk of password reuse, or the risk of a compromised password being successfully used. With the added feature of continuous scanning within Specops Breached Password Protection, we are proud to be providing market-leading password security that not only meets today’s regulatory compliance needs, but importantly gives the upper hand to security teams and IT administrators to prevent unauthorised account access.”
Specops Breached Password Protection will continue to enable organisations to meet the latest password security recommendations and guidance set out by industry regulatory authorities and standards including NIST, GDPR, NCSC, HITRUST, ANSSI and BSI.