The number one risk of any IT security architecture, no matter how thorough and extensive, remains the human factor, and implicitly the way users interact with the IT environment through the use of passwords. A random sampling of this interaction has shown that more than half of all passwords in use within corporate environments do not satisfy minimal security standards.
Detack GmbH together with Praetors AG have developed epas™ as a solution offered as a service, for automatic and regular assessment of password strength for a wide range of systems. epas™ addresses the overwhelming issue of maintaining secure passwords, without the burden of tokens or smart cards, in large enterprise heterogeneous environments containing Microsoft® Active Directory, IBM® System z, SAP® or various other components. epas™ can also interact with the audited system in order to prevent the usage of weak or otherwise predictable passwords.
Combining more than a decade of security auditing experience, epas™ offers a successful combination of German thoroughness and Swiss innate privacy protection into an effective permanent audit solution to complete and complement a client’s data center. Employing only legitimate ciphertext extraction methods, epas™ generates no system stability risk for the target, and the scalability available with the addition of processing modules allows for a simultaneous audit of millions of accounts.
All the passwords in the target IT environment are analyzed against the available security policies and a comprehensive report is generated while maintaining complete privacy with no clear text passwords displayed or becoming known. epas™ takes into account all legal requirements for protecting users’ private data.
A more in-depth presentation of the epas™ solution can be found here.