Scirge provides monitoring and auditing of the passwords used by the employees on business computers while maintaining the highest level of security and confidentiality. It monitors web and cloud applications used by the employees in scope of identifying "Shadow IT", i.e. those applications that are not approved by the organization. With Scirge, organizations can reduce the risk of credential-related threats and avoid many serious security incidents. The scope of control covers any web and cloud applications, including applications used by the employees for private purposes.


Description of technology

Vulnerability Management

Scirge - makes early detection of security risks possible, among which are usage of company email address as a login for privately used applications (e.g. social networks, online stores); usage of the same passwords for many applications (password reuse), in particular the same passwords for private and business applications (e.g. a corporate Office 365 account); usage of weak passwords to access business applications; sharing logins between employees (account sharing) or identity theft (account takeover); usage of compromised logins (integration with Scirge operates with the highest level of security, confidentiality and reliability. Sensitive data (e.g. passwords) monitoring takes place only on user's computer, analysis of employees' passwords is carried out with checksums, which are sent to the Scirge server through a cryptographically secured communication channel. Control also takes place offline (in accordance with stored policies, after going back online a synchronization with the management server takes place). The implementation is very easy. Monitoring is driven by web browser extension installed on employees' work computers. That allows to see what applications the employees use and what login and password are entered. Operation of Scirge does not require communication through proxy or other device (as is the case, for example, in CASB). Scirge warns employees and builds security awareness in various sensitive situations, e.g. using a company email address on non business websites, entering easy-to-guess passwords (not meeting the requirements for password strength).

Helpful files