Back

Active Directory Guardian

IAM

Read Docs
Read Datasheet
OVERVIEW

SpyCloud Active Directory Guardian amplifies your identity protection efforts to safeguard employee identities by checking AD credentials against billions of recaptured darknet assets to see if any of your corporate logins are available to cybercriminals – automatically remediating exposed passwords within five minutes from discovery. Using the world’s largest repository of recaptured identity data and SpyCloud’s proprietary IDLink analytics, Active Directory Guardian also prevents employees from choosing weak or exposed Active Directory passwords that overlap across their personal and professional identities. As new incidents occur, you can automatically reset exposed passwords and disable high-risk employee accounts – keeping your corporate assets secure.

BENEFITS
  • Holistic Identity Matching
    with IDLink analytics uncover hidden exposures linked to breaches, malware infections, and successful phishing attacks
  • Stay Ahead of Criminals
    with rapid remediation of newly compromised Active Directory accounts to prevent criminals from targeted employee ATO attacks
  • Prevent Password Reuse
    by detecting exposed credentials used by employees in corporate and personal accounts, with privacy by design
SEE IT IN ACTION
ACTIVE DIRECTORY GUARDIAN + OKTA REMEDIATION WORKFLOW

Active Directory Guardian + Okta Remediation Workflow: This is an example of a customer’s environment using Okta with authentication provided by AD. Active Directory Guardian is configured to directly connect to Okta using the Okta API.

Secure enterprise cloud security and identity management with SpyCloud ADG.
HOW IT WORKS

SpyCloud Active Directory Guardian includes two components that can be implemented together or separately: a browser-based application that installs as a service and runs locally, and a password  lter that runs on your domain controllers.

  • Active Directory Guardian uses native Microsoft calls to replicate data related to users in your AD environment including NTLM hashes of your AD passwords.
  • Active Directory Guardian pulls exposed credentials matching your SpyCloud watchlist domain via the SpyCloud API and runs analytics locally.
  • Active Directory Guardian checks your AD users' passwords, including "fuzzy" variations, to ensure they haven’t been exposed from third-party breaches, malware, or successful phishing attacks.
  • Scanning with IDLink automatically returns any compromised passwords found in SpyCloud’s database that are correlated to your employee’s holistic identity.
  • If the user’s credentials match, you can automatically reset the password through.
  • Other options include disabling the account, alerting the security team, or notifying the user when a password reset is required.