Sometimes we focus so much on locking all the other doors that we forget to lock the front door. Or, we think that nobody would ever be bold enough to break in through the front door, and having any lock on the door is therefore sufficient. But today's persistent threats hide behind the veil of anonymity, and are bold enough to try the front door. They may already be trying yours – will they be successful?
All it takes is one user with a weak password to allow an attacker access to your network.
Passwords are your first line of defense against unauthorized access to your organization. Knowledge of a user's password gives an attacker a direct entry point into your organization, and with it the opportunity to begin stealing secrets and performing reconnaissance on your internal network.
You may think your front door is locked. But the truth is, most corporate password policies encourage users to select weak, predictable passwords. Even if you lock out accounts after a certain number of invalid attempts, you are not protected against a persistent attacker who attempts to log in to many accounts with only three or four top passwords.
Password audits enable you to validate the effectiveness of your password policies, and identify users who are selecting weak passwords. A comprehensive audit performed by SCG's highly skilled team of experts allows you to quantitatively measure the actual risk posed to your organization from ineffective policies and under-trained users.
"Doing password audits on your own systems will effectively help you with verifying password compliance against the written password policy. This is the best way of finding the weak spots, such as accounts where the password equals the username (a very common finding everywhere actually). You are simply blind to the risk of bad passwords as long as you don't audit them properly."
- Per Thorsheim, CISA, CISM, CISSP-ISSAP. Organizer of the Passwords security conferences.
During an audit, SCG applies the same techniques utilized by actual attackers, refined with years of experience and real-world data. In order to simulate an attacker with months to work on your password databases, SCG operates several high-performance clusters that are capable of cracking passwords at a rate of nearly 400 billion guesses per second, and can simulate weeks of advanced, persistent attacks in a matter of hours. And unlike other password auditing services, we own and operate all of our own hardware – SCG does not use any "cloud" providers, so your data remains in our possession, under our control, and secured according to our own security policies.
Contact us today to schedule your audit!