SpyCloud Identity Guardians
Automate remediation of identity exposures with SpyCloud Identity Guardians for Active Directory, Entra ID, and Okta in as little as 15 minutes from discovery — preventing account takeover and improving password hygiene across your entire workforce.
Amplify your identity threat protection across your directory store
With SpyCloud Identity Guardians, prevent unauthorized access with automated remediation of compromised credentials.
A criminal who gains access to your users’ directory store credentials through a third-party breach, malware infection, or successful phishing attack can easily log into your network – accessing business-critical services such as remote file shares, email services, collaboration tools, and more. This threat extends to all exposed credentials tied to your employees’ personal identities, some of which are likely outside your monitoring visibility.
SpyCloud Identity Guardians enable proactive workflows that automate the remediation of compromised credentials, giving defenders the immediacy required to protect their workforce.
Identity insights
More than just intel – get quality data from SpyCloud’s proprietary IDLink analytics that is curated, enriched, and contextualized, and that facilitates action on exposed employee, vendor, and contractor accounts
Instant time-to-value
Save your team valuable time and resources with this seamless integration that decreases password reuse, improves password hygiene, proactively monitors for exposures, and remediates compromised credentials
Automated remediation
In as little as 15 minutes from discovery, automate remediation of breached, malware-infected, and phished accounts directly through Active Directory, Entra ID, and Okta
Explore SpyCloud Identity Guardians
Active Directory Guardian
Automated remediation of compromised accounts for Microsoft Active Directory
Entra ID Guardian
Automated remediation of compromised accounts for Microsoft Entra ID
Okta Workforce Guardian
Automated remediation of compromised accounts for Okta Workforce Identity
Instant discovery & rapid remediation
SpyCloud Identity Guardians integrate into your directory environment to continuously monitor and take action on compromised credentials – safeguarding employee identities and securing access to corporate data and critical IP.
Early detection of breach, malware and phished data exposures
Speed is critical when it comes to recapturing credentials that have been exfiltrated by infostealers. With SpyCloud, defenders can remediate stolen passwords in as little as 15 minutes from detection, well before cybercriminals have a chance to use them as an entry point into your organization.
SpyCloud Identity Guardians significantly shorten your enterprise exposure from compromised employee and contractor identities by automating password resets through Active Directory and Entra ID – including where Okta is the identity provider – or by disabling high-risk accounts.
Faster resolution with automated workflows
Compromised accounts put enterprises at risk – overloading security and IT teams who spend manual hours investigating, responding to, and remediating exposures. With SpyCloud Identity Guardians, you can:
- Simplify discovery and remediation of compromised accounts
- Uncover new exposures with real-time alerts from SpyCloud Enterprise Protection when corporate credentials are discovered in a third-party breach, exfiltrated by an infostealer or part of a successful phish
- Automatically scan or schedule scans at your preferred cadence, with reports delivered directly to your inbox
- Decrease mean-time-to-recovery by automating password resets or disabling high-risk accounts
- Get instant time-to-value with seamless implementation that won’t endanger your domain controller or cause account lockouts
- Gain visibility into internal password reuse and force resets
Identify password exposures across corporate and personal accounts
Password reuse and exposed credentials extend to personal accounts, creating a blind spot for security professionals. When an employee’s personal credentials are compromised, it’s easy for a criminal to connect the dots and target that user’s directory account.
Identity Guardians with IDLink identity analytics allow you to monitor your Active Directory and Entra ID accounts for any password aligned with an employee’s holistic identity that has ever appeared in SpyCloud’s database of billions of exposed passwords. They automatically detect when employees use passwords that criminals are actively leveraging in credential stuffing and password spraying attacks. You can also easily block employees from setting these passwords in the first place, and detect new exposures that could put your enterprise at risk as new breaches, malware infections, and successful phishing attacks compromise additional passwords.
Know more with IDLink analytics
Find up to 7x more passwords per user
Scan with IDLink for even more powerful coverage of exposed Active Directory accounts. Find all exposed credentials tied to your employees’ personal identities, some of which are likely outside your monitoring visibility.
SpyCloud Identity Guardian FAQs
Active Directory Guardian can force a password reset to Okta instead of performing a password reset in AD or Azure, requiring the user to change his/her password upon the next login. Setup just takes a few steps and can be incorporated as an action in the customizable Remediation Policies.
SpyCloud also offers a native Okta workflow integration for automation and management inside of Okta Workforce.
SpyCloud Identity Guardians provide several options to easily reset an Active Directory password including the options to disable a user or force a password process when a password match is found. Options can be easily defined in the Remediation Policies.
Yes, Active Directory Guardian can improve password hygiene and password security across your organization.
Active Directory Guardian prevents employees from creating passwords that are in SpyCloud’s vast repository of exposed passwords, variations of passwords, dictionary words, and sequential characters. You can also create a custom “Banned Password List” (e.g., company names, industry terms, etc.) and you can streamline compliance with NIST password guidelines. Prevent insider threats from poor cyber hygiene and security practices that can lead to account takeover and ransomware attacks.
The passwords you choose and how you manage them have serious security implications as the use of stolen credentials continues to be the number one entry point for cybercriminals.
Active Directory Guardian accounts for some of the best password management practices by preventing employees from using previously exposed passwords, dictionary words, sequential characters, and fuzzy matches of exposed passwords. SpyCloud also recommends that you streamline compliance with NIST password guidelines.
The NIST password guidelines are part of the Digital Identity Guidelines in “NIST Special Publication 800-63B.” Some highlights include:
- Identify and avoid: “Passwords obtained from previous breach corpuses.”
- Identify and avoid: “Dictionary Words.”
- Identify and avoid: “Repetitive or sequential characters.” (e.g., ‘aaaaa’ or ‘1234abcd’)
- Identify and avoid: “Context-specific words, such as the name of the service, the username, and derivatives thereof.”
- Remediate compromised passwords: “If the chosen secret is found in the list, the CSP or verifier SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value.”
Active Directory Guardian makes it easy to streamline compliance with NIST password guidelines.
Active Directory Guardian prevents employees from creating passwords that are in SpyCloud’s vast repository of exposed passwords, variations of passwords, dictionary words, and sequential characters. You can also create a custom “Banned Password List” (e.g., company names, industry terms, etc.) and you can streamline compliance with NIST password guidelines. To see passwords you should consider banning, check out our list of the top “bad passwords,” updated monthly.
Active Directory Guardian runs locally on your Active Directory member server or domain controller.
Entra ID Guardian runs in an Azure container and supports cloud-native deployments.
Experience the power of automation
Easily remediate compromised passwords and malware exposures with SpyCloud Identity Guardians.