Michael Greene, CEO, Josh Horwitz, COO
Since 2013, over 9.7 billion data records have been lost or stolen due to global cybercrime and data theft according to a recent report by Breach Level Index, a global database of public data breaches. The largest event was Yahoo’s 2013-14 security breach, which compromised an estimated three billion user accounts. The attack vector used in the Yahoo breach was frighteningly common: user passwords.
A recent study by Verizon found that over 80 percent of data breaches are a result of weak or compromised user passwords. The main culprit, according to many security experts, is the tendency of users to have the same password across multiple accounts. Recognizing the need to balance user convenience with system security, enterprises are seeking proactive defense tools to protect their systems. Increasingly, they are turning to Colorado-based Enzoic’s (formerly known as PasswordPing) solutions and expertise.
Enzoic is a cybersecurity company that has created an innovative solution to protect enterprises against compromised credentials, unauthorized access, and fraudulent activities. Enzoic CEO Michael Greene explains, “Michael Chertoff, the former head of Homeland Security, once said that the password is by far the weakest link in cybersecurity. We recognized the truth in that statement and realized that in order to create a secure environment; organizations need to harden their password layer.”
Using a combination of manual research, customized tools, Enzoic has created a massive cloud database of compromised credential data that has been exposed on the internet and dark web.
The database is continuously updated for real-time results accessed through a secure API. Through the API, Enzoic screens client user accounts against the database and immediately alerts users with compromised credentials by prompting them to change their password. “By checking each login against billions of previously exposed username and password combinations in real time, Enzoic helps businesses prevent account takeover attacks,” observes Enzoic COO Josh Horwitz.As opposed to risk based authentication security solutions that only discover suspected malicious behavior, Enzoic definitively identifies that credentials are no longer secure. The organization then take steps to mitigate risk which may involve limiting access or stepping up authentication by requesting a password reset. This approach substantially reduces the risk of account takeover while minimizing user irritation and customer alienation.
A recent example of Enzoic’s success is from a major retail client that realized cybercriminals were using credential stuffing attacks to access customer accounts and make fraudulent purchases. The retailer sought a solution that would prevent the hackers from compromising the login credentials without disrupting their customers. Enzoic introduced its technology to the client’s systems and quietly checked user credentials behind-the-scenes. “If compromised credentials were found, any previously stored credit card details would be dropped to avoid unauthorized purchases,” explains Horwitz. A representative from the retail client observed, “Consumers frequently reuse the same passwords and even full account credentials across multiple online services. This makes it hard for e-commerce sites like ours to protect customers from hackers using credentials exposed in third party data breaches. We liked Enzoic’s innovative approach to checking for compromised credentials to help us block account takeover attacks.”
Since its inception in 2016, Enzoic has built an impressive track record of clearly identifying and addressing security threats with its novel solution. Through direct sales and robust industry partnerships, Enzoic’s solution has realized market acceptance and is well-positioned for the future. Going forward, Enzoic’s plans include enhancing the authentication solution, overhauling its capabilities in protecting asset directory, and delving deeper into automated threat research. “We already have numerous tech and security companies using our tool but we also look forward to expanding our partnerships with more leading identity and access management solution providers,” concludes Greene.