Amid the billions of credentials that are breached each year, security teams are focused on one core question: do any of these breached passwords really provide access to my company’s systems?
That is precisely why, in July, we announced the first of our automated actions – the ability to validate credentials in SearchLight. In this blog, I wanted to go into a little bit more detail to outline the four different options for credentials validation.
The most popular method for validating a credential is through defining the password format. Most organizations now have password policies for employees, including requirements for minimum lengths and the type of characters that must be included.
SearchLight users can validate credentials based on their password policies, as it shown in Figure 1. What if you require 20 characters and either must contain a special character or a number? No problem, you can specify that in the configuration module.
Email Address Format
As well as the format of the password, it is also possible to specify the format of a username. We provide the most common formats, such as firstname.lastname@example.org, but users can also opt to enter in custom format. Some security teams have different formats for different domains, and so there is the ability to set up unique formats for each domain you own.
For users that wish to validate emails via a cloud directory platform may be configured to use for validation. An integration is required with one of the available directory platforms.
Once the Okta integration is enabled, you may enable validation of the email address.
Email List Upload
Not all organizations have a cloud directory or defined credential formats. A final option for credential validation, therefore, is through an upload of an email list. Users simply export their most current directory and upload a csv to the SeachLight portal. This is particularly useful at weeding out those users that have since left the company.
Save Precious Triage Time
The most important benefit of these credential validation methods is the time savings. It can take hours of time for security teams to understand if the exposed credentials represent a valid threat to the company. Not only do these validation checks save that valuable time, but users can also opt to automatically reject alerts if they do not pass a validation check.
If you have any questions about SearchLight’s exposed credential monitoring, get in touch!