Scirge Version 3 Released!
As our next milestone, we are introducing version 3 of Scirge. We have added two modules, new license versions, and lots of new functionalities and use-cases, while improving on existing features. Let’s start with the most important feature: the launch of our cloud intelligence feed.
Horizon Cloud Intelligence
While 90% of our indicators are created by local data collection and correlation, we wanted to add a few indicators that expand your horizon to breached passwords and web app reputation. With the help of Horizon, we are now able to check the password hashes captured in browsers against passwords that have already been breached. This is a huge step towards protecting corporate accounts, as these lists are publicly available to any malicious actors for credential stuffing, password spraying, targeted phishing, extortion, and other attacks.
When a password hash matches a breached password’s hash or a known common password, we tag that account accordingly, so that IT and Security administrators – as well as your employees – may be warned about necessary password changes. We use k-anonymity for comparing hashes: only the first few characters of the password hash are used for these checks, so we don’t “leak” even the hashed versions of your corporate credentials.
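The k-anonymity comparison described above can be sketched as follows. This is an added example, not Scirge's or Horizon's code: the hash algorithm (SHA-1), the 5-character prefix, and the `RangeService` class standing in for the remote feed are all assumptions, and the breached list is constructed sample data.

```python
import hashlib
import hmac

PREFIX_LEN = 5  # assumption: the page only says "the first few characters"


def sha1_hex(password: str) -> str:
    """Hash as uppercase hex. SHA-1 is an assumption made for this example."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeService:
    """Hypothetical stand-in for the remote feed, indexed by hash prefix."""

    def __init__(self, breached_passwords):
        self.buckets = {}
        for pw in breached_passwords:
            digest = sha1_hex(pw)
            bucket = self.buckets.setdefault(digest[:PREFIX_LEN], set())
            bucket.add(digest[PREFIX_LEN:])
        self.seen_queries = []  # everything the service ever learns

    def lookup(self, prefix: str):
        if len(prefix) != PREFIX_LEN:
            raise ValueError("query must be exactly the hash prefix")
        self.seen_queries.append(prefix)
        # Every breached suffix sharing the prefix is returned; the service
        # cannot tell which one (if any) the caller actually holds.
        return sorted(self.buckets.get(prefix, ()))


def is_breached(password_hash: str, service: RangeService) -> bool:
    """Client side: send only the prefix, compare the suffix locally."""
    prefix = password_hash[:PREFIX_LEN]
    suffix = password_hash[PREFIX_LEN:]
    candidates = service.lookup(prefix)
    return any(hmac.compare_digest(suffix, c) for c in candidates)


if __name__ == "__main__":
    feed = RangeService(["password", "123456", "qwerty"])  # constructed list
    print(is_breached(sha1_hex("password"), feed))
    print(feed.seen_queries)
```

The full hash never leaves `is_breached`; `seen_queries` records what the remote side could observe, which is the prefix alone.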
Beyond password protection, Horizon provides additional metadata about the applications that your employees are accessing, including a reputation score, blacklist checks, incorrect server or certificate settings, geographic region, or domain age—plus a general screenshot of the website. These indicators are associated with tags such as Untrusted, Fresh Domain, SSL Issues, and others.
Combining application and domain reputation with local data can result in completely new use-cases, such as the detection of potential phishing attacks, when a recently registered domain is used with credentials belonging to other applications.
For a complete guide to our new and existing tags and some suggested use-cases, see our Understanding Tags Guide.
Active Directory Password Protection
This module was created based on feedback we received from our partners and customers. Due to regulations (and common sense), organizations need to protect their AD accounts and passwords using different methods. Although some of the existing regulations have confusing or contradicting requirements, it seems to be clear that Active Directory does not provide sufficient password complexity and password hygiene capabilities.
As a first step, we have expanded our password complexity rules with options such as checks for repeating characters, sequential characters, keyboard sequences, dictionary, or contextual words. Additionally, with the use of Horizon, we can also discover breached or common AD/LDAP passwords. We have also extended our algorithmic password strength tags to show otherwise-weak AD/LDAP passwords.
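The complexity rules listed above (repeating characters, sequential characters, keyboard sequences, dictionary and contextual words) can be expressed as small checks like these. This is an added example, not Scirge's implementation: the run length of 3, the US QWERTY rows, the leetspeak map, and the minimum word length are assumptions chosen for illustration.

```python
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")  # US QWERTY (assumed)
LEET = str.maketrans("@$0134578", "asoieastb")  # assumed substitution map


def windows(text, size):
    """All contiguous substrings of the given size."""
    return [text[i:i + size] for i in range(len(text) - size + 1)]


def has_repeat(pw, run=3):
    """Same character repeated `run` times, e.g. 'aaa'."""
    return any(len(set(w)) == 1 for w in windows(pw, run))


def has_sequence(pw, run=3):
    """Ascending or descending alphanumeric run, e.g. 'abc' or '321'."""
    for w in windows(pw.lower(), run):
        steps = {ord(b) - ord(a) for a, b in zip(w, w[1:])}
        if w.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def has_keyboard_walk(pw, run=3):
    """Adjacent keys on one row, left-to-right or right-to-left."""
    rows = KEYBOARD_ROWS + tuple(r[::-1] for r in KEYBOARD_ROWS)
    return any(w in row for w in windows(pw.lower(), run) for row in rows)


def contains_word(pw, words, min_len=4):
    """Word match after undoing common leetspeak, e.g. 'P@ssw0rd'."""
    normalised = pw.lower().translate(LEET)
    return any(len(w) >= min_len and w.lower() in normalised for w in words)


def check_password(pw, dictionary=(), context=()):
    """Return the names of the rules the password violates, in fixed order."""
    rules = [
        ("repeating", has_repeat(pw)),
        ("sequential", has_sequence(pw)),
        ("keyboard", has_keyboard_walk(pw)),
        ("dictionary", contains_word(pw, dictionary)),
        ("contextual", contains_word(pw, context)),
    ]
    return [name for name, hit in rules if hit]


if __name__ == "__main__":
    # Constructed sample: dictionary word plus a company name as context.
    print(check_password("P@ssw0rd#Scirge", {"password"}, {"scirge"}))
```

Contextual words would typically be the organization name, the user's name, or the account name, supplied per user.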
Now, when users authenticate via the endpoint login screen in their browser, we can open up complete visibility into Active Directory password hygiene and password reuse. This is important because the most prominent attack vector in hacking is the use of stolen credentials. With the rise of enterprise SaaS services, these accounts have become more and more valuable and easy to capitalize on.
On top of these, you can also upload your custom password blacklist for regional, industry, or company-specific reasons. These may also come in the form of hashes, so other local non-AD integrated application passwords may also be checked for reuse in the case of an investigation or suspicious activity.
Awareness and Alerting Capabilities
With the new indicators and use-cases, we felt the need to improve on our alerting capabilities and integrations. Alerts now support a custom-defined recipient list, and you can customize messages via templates using optional variables to make them dynamic and reusable. We also added the capability of warning the users who were directly affected by the events, so that they can resolve issues with weak, reused, or otherwise improper passwords themselves. We believe that this enables automation and better awareness, ensuring that the thousands of accounts that constitute your cloud footprint do not overburden your security processes.
To further enable automation, we have added an option to the alerting module to call third-party APIs when the alert is triggered, so you can directly integrate it into your ticketing, SOC, SOAR, or other services. You can also start being creative, for instance with SMS or voice integration, adding more layers of awareness messages beyond our existing in-browser capabilities.
Licensing
Horizon Cloud Intelligence and Active Directory Password Protection will come in the form of add-ons for our Scirge Essentials version. We have created a Scirge 360 license that includes both, along with the multi-browser add-on, which enables separate license calculations for supported browser types. By the way, 360 comes with our commitment that we will include all future add-ons as well, providing maximum value for your investment.
Improvements
We are constantly upgrading our efficiency, detection capability, and usability. Version 3 also comes with lots of other minor improvements and optimizations. In case you’d like to get an overview of Scirge, take a look at our datasheet.
What’s Next?
As you can imagine, we have tons of ideas ahead of us on our roadmap. We release new versions frequently, so check back soon or follow us on LinkedIn to stay updated!
Do you have any questions, or do you feel like trying Scirge? Do not hesitate! It’s quick and easy to set up! Drop us a message, and let’s have a friendly chat.
About Scirge
Scirge provides a unique approach to unveil and gain control over unmanaged third-party web accounts. Scirge tracks the websites employees use corporate email addresses to register on and log in to. Having a central dashboard of discovered accounts helps to reduce the risk of credential-related threats such as password reuse or account takeover (ATO). Scirge gives a level of control over SaaS usage to overcome Shadow IT. It also helps to ensure that your company complies with GDPR, CCPA, and other audit requirements.