Compromised Identities and the Need for Continuous Monitoring
Updated: Jan 20
Last month it was reported by Threatpost and other news outlets that more than half a billion compromised credentials were found lurking on an open cloud server. It turned out that nearly a quarter billion of them were not previously known to have been compromised. And that’s just the latest in a never-ending string of batches of credentials that are eventually located. So, the battle against compromised credentials is not only gigantic, but seemingly here for the long haul.
We all know that when users or service accounts are accessing accounts, they use credentials consisting of an ID and a password (that is converted to a hash of the password). Whenever these identities are authenticating, that’s the time to check for a compromise – not later. Afterall, a large chunk of the cyberattacks organizations face are initiated with the assistance of compromised passwords. That makes them one of the roots of the problem and worthy of considerable attention from CISOs.
AuthMind almost instantly checks to see if credentials are currently available on the dark web, checking for each identity and its credentials any time the credentials are used. This is largely unique in the industry. Ninety-nine percent of the time, the credentials are not on the dark web, but AuthMind believes it’s important enough to check every time, unlike most of the other alternative solutions available today.
Additionally, AuthMind takes security measures a step further – AuthMind automates the next steps that are taken if credentials are found to be for sale on the dark web. One option is for AuthMind to simply alert or red flag the action and notify a security analyst / IT personnel. Alternatively, organizations can be more stringent and actually ask AuthMind to automatically remediate the situation by requiring the user to change their password at that moment. Organizations can even immediately block access for that user. This translates into a powerful identification and remediation service that organizations greatly appreciate.
Some alternative solutions purchase lists occasionally and then go through the arduous, manual process to check whether the credentials are on the dark web. The problem with this approach is that identities are dynamic – meaning they could be looking up old user IDs and passwords. Checking a dark web list several hours or days later is not helpful for any organization. The list is old and rather useless. Therefore, it’s imperative that an organization continuously check identities.
AuthMind stands out among the crowd because they continuously check identities across the perimeter. It’s one more service that makes them unique in a crowded space. To learn more, request a demo today at www.authmind.com.