SpyCloud Identity Guardians
Safeguard employee identities with automated remediation of identity exposures with SpyCloud Identity Guardians for Active Directory and Entra ID — preventing account takeover and improving password hygiene across your entire workforce.
Prevent unauthorized access with automated remediation of compromised credentials
A criminal who gains access to your users’ directory store credentials through a third-party breach, malware infection, or successful phishing attack can easily log into your network – accessing business-critical services such as remote file shares, email services, collaboration tools, and more. SpyCloud Identity Guardians enable you to streamline proactive workflows that automate remediation of compromised credentials.
Actionable insights
More than just intel – quality data that is curated, enriched, contextualized, and facilitates action on exposed employee, vendor and contractor accounts on an ongoing basis
Instant time-to-value
Save your team valuable time and resources with this seamless integration that decreases password reuse, improves password hygiene, proactively monitors for exposures, and remediates compromised credentials
Automated remediation
Automated remediation of breached, malware-infected and phished accounts directly through AD, Entra ID, and Okta – making it easier for enterprises to implement seamless Post-Infection Remediation
Instant discovery & rapid remediation
SpyCloud Identity Guardians deliver a seamless integration into your directory environment to continuously monitor and take action on compromised credentials – safeguarding employee identities and securing access to corporate data and critical IP.
Early detection of breach, malware and phished data exposures
Speed is critical when it comes to recapturing credentials that have been exfiltrated by infostealers – enabling swift Post-Infection Remediation of stolen passwords before cybercriminals have a chance to use them as an entry point into your organization.
SpyCloud Identity Guardians enable you to significantly shorten your enterprise exposure from compromised employee and contractor identities by automating password resets through Active Directory and Entra ID – including where Okta is the identity provider – or by disabling high-risk accounts.
Faster resolution with automated workflows
Compromised accounts put enterprises at risk – overloading security and IT teams who spend manual hours investigating, responding to, and remediating exposures. With SpyCloud Identity Guardians, you can:
- Simplify discovery and remediation of compromised accounts
- Uncover new exposures with real-time alerts from SpyCloud Enterprise Protection when corporate credentials are discovered in a third-party breach, exfiltrated by an infostealer or part of a successful phish
- Schedule scans at your preferred cadence, with reports delivered directly to your inbox
- Decrease mean-time-to-recovery by automating the remediation of password resets or disabling high-risk accounts
- Get instant time-to-value with seamless implementation that won’t endanger your domain controller or cause account lockouts
- Gain visibility into internal password reuse
Identify password reuse across corporate and personal accounts
Employee password reuse extends to personal accounts, creating a blind spot for security professionals. When an employee’s personal credentials are compromised, it’s easy for a criminal to connect the dots and target that user’s directory account.
Identity Guardians allow you to monitor your AD and Entra ID accounts for any password that has ever appeared in SpyCloud’s database of billions of exposed passwords. It will automatically detect when employees use passwords that criminals are actively leveraging in credential stuffing and password spraying attacks. You can also easily block employees from setting these passwords in the first place, and detect new exposures that could put your enterprise at risk as new breaches, malware infections, and successful phishing attacks compromise additional passwords.
EXPLORE
SPYCLOUD IDENTITY GUARDIANS
Active Directory Guardian
Automated remediation of compromised accounts for Microsoft Active Directory
Entra ID Guardian
Automated remediation of compromised accounts for Microsoft Entra ID
Okta Workforce Guardian
Automated remediation of compromised accounts for Okta Workforce Identity
SpyCloud Active Directory Guardian FAQs
Active Directory Guardian can force a password reset to Okta instead of performing a password reset in AD or Azure, requiring the user to change his/her password upon the next login. Setup just takes a few steps and can be incorporated as an action in the customizable Remediation Policies.
SpyCloud also offers a native Okta workflow integration for automation and management inside of Okta Workforce.
SpyCloud Identity Guardians provide several options to easily reset an Active Directory password including the options to disable a user or force a password process when a password match is found. Options can be easily defined in the Remediation Policies.
Yes, Active Directory Guardian can improve password hygiene and password security across your organization.
Active Directory Guardian prevents employees from creating passwords that are in SpyCloud’s vast repository of exposed passwords, variations of passwords, dictionary words, and sequential characters. You can also create a custom “Banned Password List” (e.g., company names, industry terms, etc.) and you can streamline compliance with NIST password guidelines. Prevent insider threats from poor cyber hygiene and security practices that can lead to account takeover and ransomware attacks.
The passwords you choose and how you manage them have serious security implications as the use of stolen credentials continues to be the number one entry point for cybercriminals.
Active Directory Guardian accounts for some of the best password management practices by preventing employees from using previously exposed passwords, dictionary words, sequential characters, and fuzzy matches of exposed passwords. SpyCloud also recommends that you streamline compliance with NIST password guidelines. Click more here for more password best practices and tips.
The NIST password guidelines are a part of Digital Identity Guidelines in, “NIST Special Publication 800-63B.” Some highlights include:
Identify and avoid: “Passwords obtained from previous breach corpuses.”
Identify and avoid: “Dictionary Words.”
Identify and avoid: “Repetitive or sequential characters.” (e.g., ‘aaaaa’ or ‘1234abcd)
Identify and avoid: “Context-specific words, such as the name of the service, the username, and derivatives thereof.”
Remediate compromised passwords: “If the chosen secret is found in the list, the CSP or verifier SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value.”
Active Directory Guardian makes it easy to streamline compliance with NIST password guidelines.
Active Directory Guardian prevents employees from creating passwords that are in SpyCloud’s vast repository of exposed passwords, variations of passwords, dictionary words, and sequential characters. You can also create a custom “Banned Password List” (e.g., company names, industry terms, etc.) and you can streamline compliance with NIST password guidelines. To see passwords you should consider banning, check out our list of the top “bad passwords,” updated monthly.
Active Directory Guardian runs locally on your Active Directory member server or domain controller.
Entra ID Guardian runs in an Azure container and supports cloud-native deployments.
You might like:
Cybercrime Analytics
Discover why market leaders across all industries are choosing Cybercrime Analytics over threat intelligence – so they can move beyond context and take action.
2024 Annual Identity Exposure Report
Each year, SpyCloud analyzes the billions of identity assets we recapture from the darknet and shares data breach, malware & identity threat insights in this report. Here’s what we found.
Malware-Infected User Response Guide
Handy guide to decipher what it means when employee or consumer information appears on a botnet log, and how to contact infected users with an action plan.
Account Takeover 101
You can’t stop ATO until you understand it. Get this plain-English primer on the latest attack methods, bad habits that increase ATO risk, and strategies for prevention.
Experience the power of automation
Easily remediate compromised passwords and malware exposures with SpyCloud Identity Guardians.