SpyCloud Active Directory Guardian
Safeguard employee identities with automated remediation of malware exposures – preventing account takeover and improving password hygiene in a single click.
Prevent unauthorized access with automated remediation of compromised credentials
A criminal who gains access to your users’ Active Directory credentials through a third-party breach or malware infection can easily log into your network – accessing business-critical services such as remote file shares, Microsoft Exchange email services, SharePoint collaboration tools, and more. Active Directory Guardian enables you to streamline proactive workflows that automate remediation of compromised credentials.
More than just intel – quality data that is curated, enriched, contextualized, and facilitates action on exposed employee, vendor and contractor accounts on an ongoing basis
Save your team time and resources with this seamless integration that decreases password reuse, improves password hygiene, proactively monitors for exposures, and dynamically remediates compromised credentials
Simple, one-click remediation of breached and malware-infected accounts directly through AD, Azure AD, and Okta – making it easier for enterprises to implement Post-Infection Remediation and improve cyber resiliency
Instant discovery, rapid remediation
SpyCloud’s Active Directory Guardian delivers a seamless integration into your AD environment to continuously monitor and take action on compromised credentials – safeguarding employee identities and securing access to corporate data and critical IP.
Early detection of breach and malware exposures
Speed is critical when it comes to recapturing credentials that have been exfiltrated by infostealers – enabling swift Post-Infection Remediation of stolen passwords before cybercriminals have a chance to use them as an entry point into your organization.
SpyCloud Active Directory Guardian enables you to significantly shorten your enterprise exposure from compromised employee and contractor identities by automating password resets through AD and Azure AD – including where Okta is the identity provider – or by disabling high-risk Active Directory accounts.
Faster resolution with automated workflows
Compromised Active Directory accounts put enterprises at risk – overloading security and IT teams who spend manual hours investigating, responding to, and remediating exposures. With Active Directory Guardian, you can:
- Simplify discovery and remediation of compromised accounts
- Uncover new exposures with real-time alerts when corporate credentials are discovered in a third-party breach or exfiltrated by an infostealer
- Schedule scans at your preferred cadence, with reports delivered directly to your inbox
- Decrease mean-time-to-recovery by automating password resets or disabling high-risk AD accounts
- Get instant time-to-value with seamless implementation that won’t endanger your domain controller or cause account lockouts
- Gain visibility into internal password reuse
Identify password reuse across corporate and personal accounts
Employee password reuse extends to personal accounts, creating a blind spot for security professionals. When an employee’s personal credentials are compromised, it’s easy for a criminal to connect the dots and target that user’s Active Directory account.
Active Directory Guardian allows you to monitor your AD accounts for any password that has ever appeared in SpyCloud’s database of billions of exposed passwords. It will automatically detect when employees use passwords that criminals are actively leveraging in credential stuffing and password spraying attacks. You can also easily block employees from setting these passwords in the first place, and detect new exposures that could put your enterprise at risk as new breaches and malware infections compromise additional passwords.
What else can I do with Active Directory Guardian?
Banned password lists
Make custom lists of specific passwords to block, such as company name, industry terms, team names, and keywords related to current events.
Create triggers and workflows around notifications and mitigation of exposures – whether you want to apply to all users or exclude users based on role type.
Easy Okta integration
Enable forced password resets directly in Okta with a single click, or even automatically, when matches are found.
Provide your leadership team with updates on SpyCloud results critical to their functional KPIs.
Schedule scans on a regular basis to evaluate passwords and catch exposures in new breaches and the reuse of previously compromised passwords.
Shared password reporting
Gain visibility into internal password reuse via regularly scheduled scans with the Shared Password Report audit option.
Create custom remediation steps, including notifying users with custom emails sent from a known internal address, and select which remediation process you want to use after a scan is completed.
Align to NIST password guidelines by preventing employees from setting weak or compromised passwords and automatically filtering out bad passwords.
SpyCloud Active Directory Guardian FAQs
Active Directory Guardian can force a password reset in Okta instead of performing a password reset in AD or Azure, requiring the user to change their password upon the next login. Setup takes just a few steps and can be incorporated as an action in the customizable Remediation Policies.
Active Directory Guardian provides several options to easily reset an Active Directory password including disabling a user or forcing a password reset when a password match is found. Options can be easily defined in the Remediation Policies.
Yes, Active Directory Guardian can improve password hygiene and password security across your organization.
Active Directory Guardian prevents employees from creating passwords that are in SpyCloud’s vast repository of exposed passwords, variations of passwords, dictionary words, and sequential characters. You can also create a custom “Banned Password List” (e.g., company names, industry terms, etc.) and you can streamline compliance with NIST password guidelines. Prevent insider threats from poor cyber hygiene and security practices that can lead to account takeover and ransomware attacks.
The passwords you choose and how you manage them have serious security implications as the use of stolen credentials continues to be the number one entry point for cybercriminals.
Active Directory Guardian accounts for some of the best password management practices by preventing employees from using previously exposed passwords, dictionary words, sequential characters, and fuzzy matches of exposed passwords. SpyCloud also recommends that you streamline compliance with NIST password guidelines. Click here for more password best practices and tips.
The NIST password guidelines are part of the Digital Identity Guidelines in “NIST Special Publication 800-63B.” Some highlights include:
- Identify and avoid: “Passwords obtained from previous breach corpuses.”
- Identify and avoid: “Dictionary Words.”
- Identify and avoid: “Repetitive or sequential characters.” (e.g., ‘aaaaa’ or ‘1234abcd’)
- Identify and avoid: “Context-specific words, such as the name of the service, the username, and derivatives thereof.”
- Remediate compromised passwords: “If the chosen secret is found in the list, the CSP or verifier SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value.”
Active Directory Guardian makes it easy to streamline compliance with NIST password guidelines.
Active Directory Guardian prevents employees from creating passwords that are in SpyCloud’s vast repository of exposed passwords, variations of passwords, dictionary words, and sequential characters. You can also create a custom “Banned Password List” (e.g., company names, industry terms, etc.) and you can streamline compliance with NIST password guidelines. To see passwords you should consider banning, check out our list of the top “bad passwords,” updated monthly.