Scirge 3.3 Version Released!
Scirge version 3.3 has been released, with tons of improvements and new features. We have a number of improvements to the quality of life for administrators and created a seamless experience for users when collecting credentials. We have also added customizable Tags that can dynamically associate based on your individual use-cases, such as AD group memberships or correlation of other Tags.
Transparent LDAP/AD Password Hygiene Checks
So far we have only been able to run our advanced LDAP password hygiene checks by using our login screen. Remember that this feature is essential to discover the reuse of high-sensitivity passwords in third-party websites. No other method besides collecting and comparing these secure hashes will allow you to discover such practices, thus automation of reused LDAP password resets and education of employees about their personal password hygiene are completely unique to Scirge. While the custom login screen still remains an optional method, we have added “Login domains” to enable a transparent collection of LDAP/AD password hashes. Third-party or even internal URLs should be defined here, where employees are already using their LDAP passwords. Once an employee logs in on a URL that is included in the “Login domains” list, Scirge will treat those as LDAP accounts identifying both the user and collecting crucial password hashes completely transparently, without any additional user interaction. Passwords are also evaluated in the browser for strength or any complexity rule that you have assigned to them, while secure hashes are compared to all of their corporate online accounts as well as breach databases. Amazing right? No endpoint client, nothing deployed on your Domain Controller, no lockouts or bad user experience, everything is fully transparent.
Tags are easily readable visible indicators that get associated to applications, people and accounts, to show the risks and trends of Shadow IT. With this release, we have removed to confines of built-in Tags and introduced custom manual and dynamic Tags, and also Tags based on LDAP group memberships. This allows you to create risk indicators that cover a larger topic and customize alerts based on group membership, that reflects a person’s responsibilities and privileges in an organization. It only makes sense to differentiate your triggers for a compromised administrator account, a C-level executive who fell victim to a phishing attack, or for other specific use-cases relevant to your risks or regulations.
Onboarding Faster Than Ever!
Once you deploy a new server, Scirge will automatically offer you the option to configure a monitor policy based on the email domain provided for the license. This one-click policy is a great start to begin monitoring corporate-related accounts without any fancy warnings or user interactions required. An onboarding progress bar is also added on top of the admin menu, that shows what steps are required for a complete configuration for most features.
We have reorganized the structure of our navigation, grouping Intelligence, Configuration, and System-related functions for a more clear navigation experience. Our Endpoint deployment process is also simpler, merging the download sections to avoid deployment of a wrong endpoint, and adding sensible defaults to make your onboarding an even smoother experience. Performance and detection capabilities are always in our focus, as well as the overall security of the product. With version 3.3 a number of improvements are introduced with this as well.
Our agenda for 2022 is as exciting as ever. We are building a full custom reporting tool that will enable time-based custom dashboards, providing instant intel about the progress of different indicators. Are people using more or fewer accounts? Better password hygiene, breached and reused passwords removed from the organization? All of these success stories will come alive in the form of dashboards and reports, so management will have an easy task reviewing the results and benefits of your deployment. Even better? Our auditing tool will come as a completely new approach, providing instant discovery of potential accounts and applications for the endpoints, including historical data. This estimation will be available without deploying browser extension, so an immediate assessment of potential Shadow IT volume will be available for any organization.
Excited? Click here to pre-register for a free audit, or ask us a question!
Scirge provides a unique approach to unveil and gain control over unmanaged third-party web accounts. Scirge tracks the websites employees use corporate email addresses to register on and log in to. Having a central dashboard of discovered accounts helps to reduce the risk of credential-related threats such as password reuse or account takeover (ATO). Scirge gives a level of control over SaaS usage to overcome Shadow IT. It also helps to ensure that your company complies with GDPR, CCPA, and other audit requirements.