Shadow IT.

An Ever-Growing Concern for Organizations.


Businesses rely heavily on third-party web-based apps and services. Countless online accounts are created and used by employees each day on SaaS (Software-as-a-Service) cloud platforms to tackle each task that the business requires.

For instance, the marketing team has access to newsletter services, online creative tools, and social media tools; HR has access to job portals and HR software; the sales team utilizes CRMs and lead generation tools.

Most of these accounts are created ad-hoc by employees, which means that they are unmanaged and unknown, creating a tremendous amount of risk and IT management overhead.

Did you know?

On average, companies use hundreds of SaaS apps. Each employee has tens of individual SaaS accounts. This results in thousands of self-serviced, unmanaged accounts.

Shadow IT refers to resources utilized without the knowledge of the company's IT department. This can include hardware and software, though it mainly refers to cloud-based SaaS applications. Shadow IT is a hotbed for malicious activity against corporate resources. Attack techniques such as credential stuffing, password spraying, and account takeover are mainly successful due to Shadow IT and password reuse.

Unlike corporate accounts—such as Active Directory (AD)—these are mostly unknown to IT.

If employees leave the company, they may still have access to these accounts.

Users don't like passwords—they tend to either use weak ones or reuse corporate credentials.

According to reports, billions of accounts are breached every year, ending up in combo lists.

Leaked credentials can be used to gain unauthorized access to corporate resources (credential stuffing).

Breaches and password reuse are the main culprits for account takeover attacks.

These accounts are often shared among employees, creating ownership issues.

If an audit is required, it's almost impossible to manually collect the usage data of web accounts.

The vast majority of such accounts are used for short periods, left unused and unmonitored forever.

Overlapping and orphaned accounts can result in unnecessary expenses.


Meet Scirge.

The word Scirge originates from the Old English word scirgerefa, the predecessor of the word sheriff. Scirgerefa meant "local official of a shire", scir meaning "shire" and gerefa meaning "officer".


Scirge: Your Online Business Web App Account Officer


Scirge provides a unique approach to unveiling and gaining control of unmanaged third-party web applications used by employees or business units, without the oversight of IT or security departments. It reveals unknown web apps and manages password hygiene issues such as shared accounts, weak passwords or account reuse for employees using corporate email addresses as credentials. Scirge enables you to have control and visibility over your company’s SaaS usage to help you reduce the IT operational overhead and cost relating to unsanctioned Shadow IT usage.


Cloud Web App Inventory and Intelligence.


Scirge helps to track corporate cloud web app usage in order to create a full inventory of SaaS and cloud apps that account for costly Shadow IT spending and operational overheads. Scirge enumerates accounts for each web app and helps IT administration to understand the who, what, when and where of Shadow IT for the first time.

Trends of application usage and indicators of risky websites are tagged for visibility into Shadow IT.


Cloud Consumption Trends

Configurable tags with custom thresholds give you insight into application usage trends amongst all employees. Underutilized or abandoned applications will unveil the need for changes in business requirements or unnecessary subscriptions. Discovering overlapping subscriptions and widely adopted applications helps your C-level executives understand the progress and potential flaws of cloud adoption and digital transformation.

Deep Visibility into Shadow IT

Inventories include deep insights into applications, including metadata collected directly from browsers, such as privacy policies, terms and conditions, and social links. The Horizon Cloud Intelligence (HCI) service provides intelligence, including domain reputation and country of origin, and reveals potential phishing or unwanted sites. Scirge also correlates usage trends to discover which services have been popular, trending, or abandoned by your employees, enabling decision-makers to figure out what tools users are missing or if users prefer a better digital experience.

Key Features

  • Detect Any Web App
  • Automatic Metadata Collection
  • User-level App and Account Inventory
  • Abandoned App and Account Detection
  • Underutilized App and Account Detection
  • Trending and Popular App Tagging
  • Application Usage Intelligence
  • Web App Reputation


Account Protection and Awareness.


The Scirge Endpoint can perform password hygiene checks, allowing it to discover if passwords have been reused from other cloud apps or your Active Directory. Red flag events are pinpointed, and alerts to users, security administrators, or third-party APIs can be configured. Scirge also tags shared accounts that are used by more than one employee, as well as accounts that seem to be abandoned by users.

These tags reveal when insecure passwords are created, or when accounts are misused from a security or compliance perspective.


Password Hygiene

According to NCSC, "Passwords need to be protected within your system, even if the information on the protected system is relatively unimportant." The number one challenge for this is controlling employee-created accounts on third-party websites. This is why each password entered into a browser is rigorously checked for weaknesses by Scirge. Custom password complexity rules are available to match regulatory requirements, and the algorithmic password strength is also calculated at the endpoints. Passwords are hashed locally on the endpoint, so their cleartext form is never sent or stored anywhere else—only industry standard secure hashes are stored at the Central Server database, so password reuse, password sharing, or the use of already breached passwords can become visible to your security departments.

Active Directory Password Protection

In-browser user authentication enables AD/LDAP passwords to go through the same hygiene process, enabling compliance requirements that are often heavier than what AD and other directory services' configurations allow. Identifying Active Directory passwords that are reused in third-party web applications is a red flag indicator of account security, because stolen Active Directory accounts allow seemingly legitimate access to local networks and other integrated cloud services. Protecting your Active Directory accounts should be your top priority, as industry analysts agree that stolen credentials are used in 80% of successful attacks.

Customised Learning

Alerts may be configured to trigger based on policy matches, password strength, complexity violations, or the detection of auto-filled passwords. The combination of awareness messages with policy rules for the appropriate account usage – such as blocking distributed emails or blacklisting VIP email addresses for registrations – allows you to protect high-value assets while constantly reminding users of the expected behavior and corporate policies.

Awareness and Education

In-browser awareness messages allow for an immediate response when employees are accessing unwanted services, or using blacklisted emails (such as VIP, internal, or distributed email accounts) with weak credentials. You can also set up automated awareness campaigns for specific use-cases via our API integrations, ensuring that your employees are warned and educated on multiple channels, such as email or even SMS. Users learn immediately, gaining knowledge based on their actions, rather than classroom-based formal education covering general policies. Scirge also provides metrics showing overall password hygiene, as well as the exact metrics for measuring the success of these training efforts.

Key Features

Centrally-managed policies based on:

  • Corporate Email Domains
  • Corporate Email Addresses
  • Target URLs

Password Hygiene Checks:

  • Password Complexity Validation
  • Password Strength Metering
  • Password Reuse Detection (AD/Web)
  • Password Autofill Detection
  • Password Expiration Tracking
  • Password Breach Tracking
  • Custom Password Blacklist

Awareness and User Education:

  • Popup Message
  • Banner Message
  • Browser Redirection
  • Multiple Trigger Rules
  • Email and API-based Alerting


Compliance and Risk Assessment.


Shadow IT applications should be embraced, because they serve legitimate and valuable purposes for employees and business departments. Without visibility into these services, however, your organization cannot assess privacy requirements, delegate data ownership, plan business continuity, or conduct business impact analysis. Scirge’s automatic app data collection includes the privacy terms from each web application accessed by users. Privacy and compliance managers have the ability to review the terms of heavily-used apps to include them in risk assessments, business continuity and other policies, ensuring that they comply with GDPR, CCPA, ISO, NIST or other regulations and frameworks.

Logins on risky websites, usage of weak or shared passwords, and impersonating other employees are all indicators of misconduct and violation of regulations.


Risk Assessment

Scirge detects when accounts belonging to VIP users, ex-employees, or other important users are being accessed by others, unveiling potential impersonation and insider threats. When multiple employees use the same credentials, segregation-of-duties conflicts arise, in breach of several regulatory requirements. These shared accounts are highly relevant for internal web applications as well, especially in the financial and HR departments, but also for high-privilege users and IT staff. Users accessing an unusually high number of apps or providing a lower-than-required password strength may also be flagged, either for review of conduct or assignment to further training.

Automatic Terms Collection

Scirge collects privacy policies and T&Cs from all applications accessed by employees that are monitored via policies. By combining usage trends, such as popularity, with geographic data and reputation, compliance departments can identify which services are potentially critical or risky. Terms of these services may then be evaluated and integrated with existing corporate policies, while users may be warned and educated for proper use. Illuminating shadow IT turns it into a controlled and manageable part of your technological ecosystem, lowering your regulatory exposure.

Key Features

  • Shared Account Detection
  • Power User Detection
  • Active Directory Password Reuse Detection
  • Inactive & Disabled AD Account Reuse Detection
  • Identity Misuse Detection
  • User Authentication
  • Automatic Privacy Policy Collection
  • Automatic T&C Collection
  • Blocking Capability


How Does It Work?


Scirge is easy to deploy and manage. Corporate SaaS accounts can be tracked down and discovered quickly. The Central Server is responsible for management, while the Endpoints collect information from Chrome, Edge or Firefox browsers. Based on centrally-managed policies, Scirge monitors and collects company-related credentials and all relevant information from the given website to build a local inventory for your cloud security purposes. Users may be alerted or redirected for awareness training when they are at risk of breaching certain policies. Scirge works locally and even offline, building a local app and account directory for organizations based on the actual usage.

  1. Endpoint Browser Extension

    A browser extension is deployed to endpoints, which can be done manually or centrally (via GPO, for instance). The Endpoint Browser Extension component fetches active configuration and policies and monitors the web account registrations and logins based on those specifications. It might block such action or warn the user; alternatively, it can silently log or ignore the action.

  2. Central Server

    The browser extension securely communicates with the Central Server to fetch the active configuration and policies and to send logs back. The Central Server collects, stores, and processes the data to provide useful, detailed log entries and analytics. The Central Server is where Administrators and IT Security Officers can create policies to set the behavior of the system.

  3. Evaluation and Update

    As time goes on and data is collected and analyzed, policies can be fine-tuned to match the environment and business needs. There are numerous options to specify the policies, and creating exceptions and global catch-all rules is simple.

Architecture

Scirge is easy to deploy and manage. The Central Server—deployed as a local Virtual Appliance—is responsible for the management, while information is collected from Chrome, Edge, or Firefox browsers via our Endpoint Browser Extension (EBE), without needing a full-blown endpoint agent.

Policy-based Workflow

The Scirge EBE monitors and collects company-related credentials and all the relevant information from websites, and it does this based on centrally-managed policies. Users may be warned or redirected to awareness training via in-browser alerts when they are at risk or if they breach policies.

Enriched Inventories

Data collected on the Central Server is enriched with usage-related metadata based on custom threshold values and rules. Accounts and securely hashed passwords are correlated to discover password reuse, account sharing, and indicators of potential internal fraud or misconduct, all without ever storing cleartext passwords. Intelligence comes into play in the form of easy-to-read tags that can be used for correlation and investigation.
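The correlation described here and under Password Hygiene can be sketched as follows. This is an added example, not Scirge's own code: the page only says "industry standard secure hashes", so the keyed HMAC-SHA-256 digest, the event fields, and the tag names are assumptions, and all data is constructed.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: a per-deployment secret makes digests comparable inside one
# organization without being plain unsalted hashes. Constructed demo value.
DEPLOYMENT_KEY = b"constructed-demo-key"


def endpoint_digest(password: str) -> str:
    """Runs on the endpoint: only this digest ever leaves the browser."""
    return hmac.new(DEPLOYMENT_KEY, password.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def correlate(events, ad_digests):
    """Runs on the server: tag (app, account) pairs using digests only.

    events: dicts with keys employee, app, account, digest.
    ad_digests: employee -> digest of that employee's directory password.
    Returns {(app, account): set of hypothetical tag names}.
    """
    users_of_account = defaultdict(set)  # (app, account) -> employees seen
    apps_by_digest = defaultdict(set)    # (employee, digest) -> apps
    for e in events:
        users_of_account[(e["app"], e["account"])].add(e["employee"])
        apps_by_digest[(e["employee"], e["digest"])].add(e["app"])

    tags = defaultdict(set)
    for e in events:
        key = (e["app"], e["account"])
        # Same web account seen from more than one employee.
        if len(users_of_account[key]) > 1:
            tags[key].add("shared-account")
        # Same employee, same digest, on more than one app.
        if len(apps_by_digest[(e["employee"], e["digest"])]) > 1:
            tags[key].add("password-reuse")
        # Web password matches the employee's directory password.
        ad = ad_digests.get(e["employee"])
        if ad is not None and hmac.compare_digest(ad, e["digest"]):
            tags[key].add("ad-password-reuse")
    return dict(tags)


def event(employee, app, account, password):
    """Build a constructed event the way an endpoint would report it."""
    return {"employee": employee, "app": app, "account": account,
            "digest": endpoint_digest(password)}


# Constructed sample data (not real accounts or passwords).
AD_DIGESTS = {"alice": endpoint_digest("Winter2024!"),
              "bob": endpoint_digest("x9$LqT7#vm")}
SAMPLE_EVENTS = [
    event("alice", "crm.example", "alice@corp.example", "Winter2024!"),
    event("alice", "newsletter.example", "marketing@corp.example", "Winter2024!"),
    event("bob", "newsletter.example", "marketing@corp.example", "Winter2024!"),
    event("bob", "jobs.example", "bob@corp.example", "correct horse battery"),
]

if __name__ == "__main__":
    for key, found in sorted(correlate(SAMPLE_EVENTS, AD_DIGESTS).items()):
        print(key, sorted(found))
```

A deterministic keyed digest allows equality matching without the cleartext, but anyone who obtains the key can guess weak passwords offline, so the key needs the same protection as the digests.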

Cloud Intelligence

With the help of the Horizon Cloud Intelligence (HCI) service, further metadata enrichment is available, including domain reputation and blacklist checks. HCI also verifies hashed passwords against known database breaches and common password lists or combo lists, further securing your accounts against account takeover attempts and brute-force attacks.

Key Features

  • Syslog Integration
  • SMTP Integration
  • LDAP Integration
  • API Integration
  • Role Based Access Control
  • 4-eye Principle
  • Audit Logs
  • PII Anonymization
  • Endpoint Authorization
  • Double-Encrypted Communication


Pricing


Licensing is based on the number of Endpoint Browser Extensions used. There are two different editions of Scirge. Scirge Essentials provides the core features and functionality, which can be further enhanced with Add-ons. Scirge 360 is our bundle edition, which provides access to all features. We also offer Subscription and Perpetual licensing models, depending on customer needs.

Partners


Join the Scirge Partner Program

Scirge is a unique solution to help organizations solve the problem of Shadow IT. We invite you to join our Partner Program to grow your business and help your customers secure their digital transformation and cloud app consumption. Scirge is fully committed to its channel partners. Join us and increase the value of your offerings with our unique platform.


Frequently Asked Questions

Got a question? We've got answers. If you have some other questions, don't hesitate to contact us.

Password and identity management (PIM/PAM/PAS) software is extremely important and can be the very base of a solid IT Security strategy. However, such software focuses on managing and storing passwords of known and managed accounts. Scirge is different in the sense that it sits on the endpoints and monitors in real time which email accounts are used to register and log in to websites. Scirge doesn't store the passwords itself, as these websites are completely independent systems from the companies' infrastructure (which is the main reason why such solutions don't cover the problem of unmanaged web accounts). Employees often create these accounts on demand, hence they never get put into the password safe and remain unmanaged and unknown to the IT department. Scirge can detect these and keep a repository, and it can also block these actions or provide educational awareness notifications. In an ideal scenario, both Scirge and password management software are used.

Two-factor authentication (2FA) is great and should be enabled and used whenever it's supported. However, it's not a solution to all problems. Let's say that an account gets compromised where 2FA is enabled. Attackers might not be able to use the leaked credentials to log in to the given service, but they might be able to use them directly or indirectly to gain unauthorized access to other resources. For one, the problem of password reuse is real and can undermine the protection that 2FA and similar security layers might provide.

Modern web filter software or next-generation firewalls (UTMs) often have granular application control capabilities. This is good if you need to monitor or block certain applications or application categories. However, these solutions will not reveal what account was used to register or log in to a certain web application. For the most part, they can only show whether a given web app was used in general, without context. Scirge, using the Endpoint Browser Extension, monitors the form fields directly, giving all the information needed to have a list of the accounts used.

There are two major components: the Central Server and the Endpoint Browser Extension. The Central Server comes in the form of a virtual appliance that you can deploy in your environment with a few clicks. The Endpoint Browser Extension comes in a packaged format for the given browser, which can be installed manually (useful for small environments or testing and evaluation, for instance) or centrally via Active Directory Group Policy. Of course, some parameters need to be tweaked according to the given environment; these are covered in our documentation.

Currently, Chrome, Firefox, and Edge are supported. According to global statistics, these browsers combined have approx. 80%+ of the browser market share (worldwide).

Currently, IE is not supported. However, based on surveys, IE is used for intranet traffic for the most part, and users tend to use Chrome or Firefox for normal browsing. Plus, with the introduction of Edge, IE seems to be used less and less.

We use volume pricing, hence our pricing scales with the size of the company. The more Endpoint Browser Extensions are quoted, the lower the unit price is.

In that case, our Central Server won't get this information. However, two things are worth mentioning:
- If the colleague later logs in to the web app from a monitored endpoint, then we'll catch and record it.
- As in most cases when it comes to IT Security, there is no way to provide 100% coverage, and that's not even the plan. The main idea is to educate the employees about the risks and to uncover as many unmanaged web accounts as possible.

If the account is used to log in again after Scirge is deployed, the event will be detected and reported back to the Central Server.

It mainly depends on how the extension was deployed. There are options to deploy it as a company-restricted extension, which the user won't be able to disable or uninstall.

Not at all. For the most part, Scirge is not visible to users; in most cases, it just silently monitors website registrations and logins. Even if a policy is set to the Warn or Block action, you can still show educational messages in the form of popups, banners, or redirects. This way, if a certain access is blocked, the user will quickly see this message, which helps to make it clear what happened.

Our Mission


We founded Scirge to fill a gap in the IT Security and Management field. Scirge specializes in helping modern organizations discover, secure, and manage their cloud footprint.

Our mission is to reduce management overhead, facilitate compliance, and reduce exposure to credential-related threats.

We do that with our innovative, high-quality software and services while remaining agile, fast-moving, and customer-friendly.
