StealthINTERCEPT 5.2 is Here!

Windows Active Directory Password Policy Enforcement

Request A Free Trial

Powered by ChronoForms - ChronoEngine.com

The STEALTHbits Enterprise Password Enforcer is a password policy enforcement tool for Windows Active Directory that provides on-premise and Hybrid password protection.

Using a curated dictionary of known compromised passwords and dozens of password filters, StealthINTERCEPT Enterprise Password Enforcer safeguards your organization from authentication-based attacks.

Some highlights of the new release include:

Enterprise PAssword Enforcer

In 2016 the Verizon Data Breach Investigations Report (DBIR) stated that 63% of confirmed data breaches leverage a weak, default, or stolen password. The 2017 Verizon DBIR reported that 81% of hacking-related breaches leveraged either stolen and/or weak passwords. And in the 2018 DBIR, use of stolen credentials remains a number one action in breaches. Attackers have demonstrated a consist ability to compromise accounts by leveraging passwords from prior breaches. For that reason, NIST Special Publication 800-63B (Authentication and Lifecycle Management, section 5.1.1.2*) recommends the use of “Memorized Secret Verifiers” such as the StealthINTERCEPT Enterprise Password Enforcer to reduce an attacker’s chances of compromising credentials.

StealthINTERCEPT 5.2 expands on the capabilities of STEALTHbits Enterprise Password Enforcer to include:

Custom complexity - the ability to reject specific passwords that do not contain the characters from a set list. This is configurable on both the numeric and character level. Curated dictionary - the ability to reject passwords based on the fact that they are vulnerable to attack from a dictionary or hybrid cracking algorithm.

  • Previous breach corpus - the ability to reject known compromised passwords from previous breach corpuses that are more susceptible to credential stuffing attacks.
  • Length enforcement - the ability to reject passwords based on how many or few characters.
  • User display/logon name rejection - the ability to reject passwords that are similar to the user’s display/logon name.
  • Special character enforcement - the ability to reject passwords that do or do not contain specific characters.
  • String rejection - the ability to reject passwords that contain user-defined strings (e.g. Reject passwords with “stealth” anywhere in the password).
  • Incremental digit avoidance - the ability to reject passwords that end in a number.
  • Keyboard pattern rejection - the ability to reject passwords that contain keyboard patterns (e.g. Qwerty)
  • Sequential character rejection - the ability to reject passwords that contain sequential characters.
  • Repeating character rejection - the ability to reject passwords that contain character repetition.
  • Unique character enforcement - the ability to reject passwords that do not contain a minimum number of unique characters.

Resources

StealthINTERCEPT

Data Sheet

Learn More

Active Directory Security Monitoring: The 5 Most Critical Points

White Paper

Learn More

Enterprise Password Enforcer

Data Sheet

Learn More