Enterprise Password Assessment Solution (EPAS):
The number one risk of any IT security architecture, no matter how thorough and extensive, remains the human factor – mainly the way users interact with the IT environment through the use of passwords. A number of effective measures can be taken to secure an IT security infrastructure, for example antivirus programs, firewalls or the implementation of encryption. Weak passwords in the authentication process still pose an unpredictably high risk. And this is what attackers will target.
In Australia we are seeing a continuing and dramatic increase in malicious and criminal attacks with attackers becoming more sophisticated in their methods:
According to The Office of the Australian Information Commissioner (OAIC), "Of the 97 cyber incidents, over three-quarters “were linked to the compromise of credentials through phishing (29 percent), brute-force attacks (14 percent) or by unknown methods (34 percent)”,
See IT News (July 2018)
With an increased CIO focus on implementing intelligent automation within IT (69% according to Harvey Nash/KPMG CIO Survey 2018), resourcing pressures in IT and the ever-increasing threat vectors, organisations are seeking smart technology to reduce their exposure.
While many organisations are conscious of the need to resolve weak passwords, the common approach, to define password policies based upon some arithmetic complexity containing length, numbers, symbols etc, has fallen short, as has the requirement to frequently change passwords. These measures have led users to create passwords they can easily remember, make slight incremental changes, and indeed recycle passwords. The bad guys have long since figured this out, alas the reality is, somewhere between 50% and 80% of passwords can be cracked routinely, using tools available freely across the dark web.
Add to this the increasing spread of Privileged Access Accounts and increasing risks associated to Third Party Access, 95% of CIOs expect cybersecurity to get worse while Cybersecurity is now a key focus at board level.
Detack has been conducting security audits and penetration testing for the last 15+ years. Through our experience in this role, we have developed a very unique "automated" solution for Password Quality Assurance:
In Australia we are seeing a continuing and dramatic increase in malicious and criminal attacks with attackers becoming more sophisticated in their methods:
According to The Office of the Australian Information Commissioner (OAIC), "Of the 97 cyber incidents, over three-quarters “were linked to the compromise of credentials through phishing (29 percent), brute-force attacks (14 percent) or by unknown methods (34 percent)”,
See IT News (July 2018)
With an increased CIO focus on implementing intelligent automation within IT (69% according to Harvey Nash/KPMG CIO Survey 2018), resourcing pressures in IT and the ever-increasing threat vectors, organisations are seeking smart technology to reduce their exposure.
While many organisations are conscious of the need to resolve weak passwords, the common approach, to define password policies based upon some arithmetic complexity containing length, numbers, symbols etc, has fallen short, as has the requirement to frequently change passwords. These measures have led users to create passwords they can easily remember, make slight incremental changes, and indeed recycle passwords. The bad guys have long since figured this out, alas the reality is, somewhere between 50% and 80% of passwords can be cracked routinely, using tools available freely across the dark web.
Add to this the increasing spread of Privileged Access Accounts and increasing risks associated to Third Party Access, 95% of CIOs expect cybersecurity to get worse while Cybersecurity is now a key focus at board level.
Detack has been conducting security audits and penetration testing for the last 15+ years. Through our experience in this role, we have developed a very unique "automated" solution for Password Quality Assurance:
- EPAS is an on-premises SaaS solution for enterprise wide, automatic and regular password quality assessment and enforcement for a wide range of systems. EPAS addresses the overwhelming issue of maintaining secure passwords in large, heterogeneous environments with more than 30 different systems and databases, ranging from IBM, SAP, Oracle to Microsoft, are supported.
- Legally compliant reporting offers all security relevant password data whilst respecting the protection of personal data and satisfying GDPR requirements, EPAS delivers ongoing risk assessments with regards to overexposed information and credentials.
- Fine-grained audit trails measure and demonstrate the continuous improvement of password security within the organization- addressing the old adage: “If you can’t measure it, you can't improve it!"
- The use of password strength scoring in Identity and Access Management processes, is effectively closing off this very important gap in the security postures of many organizations.
- EPAS both remedies and maintains password quality assurance automatically.
- EPAS is the only solution worldwide to provide an insight to enterprise password security.
What Risk?
We have multiple reference customers globally and have received significant certifications and approvals across Europe for the product. Check with us to see whether you qualify for a "No Cost Pilot"- we value customer feedback and we are confident EPAS will close a significant gap in your security strategy.
We have multiple reference customers globally and have received significant certifications and approvals across Europe for the product. Check with us to see whether you qualify for a "No Cost Pilot"- we value customer feedback and we are confident EPAS will close a significant gap in your security strategy.
For more detail on the EPAS solution please:
|