Kingston Technology is a global leader in memory manufacturing, providing memory devices, modules and hardware to customers worldwide. With companies relying on Kingston’s products every day, protecting its 2,500 end-users from account takeover and other password-based attacks that could result in downtime and disrupt business continuity is essential. Kingston had been utilizing the native password security features in Microsoft Active Directory (AD). However, in 2019 the company realized that a modern approach was required to ensure compliance with NIST password guidelines and keep credentials secure.
“We Knew Passwords Were a Huge Weak Link…”
This is how Peter Rios, Manager of Information Technology Operations at Kingston, describes the company’s legacy approach to password security. He believed the native AD complexity requirements weren’t adequately protecting the password layer, and this was underscored when Kingston conducted penetration testing and discovered numerous weak passwords. In addition, AD lacked the ability to compare passwords to those leaked from previous breaches and available to hackers on the Dark Web—a gaping security chasm Peter feared hackers could exploit.
Kingston began searching for a better way to shore up password security, which led to Enzoic for Active Directory. The solution assesses the security of username and password combinations by comparing them against Enzoic’s continually updated, proprietary database containing billions of compromised credentials. Enzoic’s threat research team utilizes several strategies to capture the broadest set of data at the earliest possible time, such as:
By screening credentials both at their creation and on an ongoing basis, Enzoic for Active Directory ensures that password security evolves in response to the latest breach data. Should a user’s information be detected, Enzoic automates remediation with a variety of configurable actions.
According to Peter, “This stood out as a truly novel security approach. Today, we have Google and other big tech players warning about compromised passwords, but Enzoic was ahead of its time. I hadn’t seen anything like Enzoic for Active Directory in the market and knew Kingston needed it to safeguard our passwords.”
An Automated Approach to Credential Security
Kingston’s implementation of Enzoic for Active Directory was straightforward, with the company obtaining actionable intelligence to enhance password security immediately. For example, they discovered numerous passwords containing “Kingston” as well as basic phrases such as “Summer2020.” With Enzoic’s Custom Dictionary, Kingston was able to easily incorporate these and other common and weak passwords into a banned list, thereby preventing their usage.
Before deploying Enzoic, Kingston’s IT team spent a significant amount of time on password-related issues and on communicating credential guidelines to users. In addition, when the native AD security features flagged a password exposure, both IT and end-users lost productivity because the password had to be reset to regain access to the account. By automating both the password screening and the remediation, Enzoic eliminates this friction and makes password security a more seamless experience.
Strengthening the Password Layer through Stronger Passwords
After several years of using Enzoic, Kingston’s employees have gained a better understanding of what constitutes a strong credential. For example, in January 2023 Enzoic blocked only 2% of the passwords users tried to select—which is relatively low friction considering the size of Kingston’s employee base.
As Peter puts it, “Enzoic for Active Directory completely changed our approach to password education. Over time, the feedback provided by the password setting feature has led users to naturally select stronger passwords. With the increased blurring of personal and professional, I think this is something they’re carrying over into their home life, as well.”
Delivering on Kingston’s Mission with Better Password Intelligence
Given the rate at which new breach data is exposed, Enzoic’s ability to continually screen for compromised credentials is essential. A prevalent source of compromise is password reuse, where employees use the same password for work and personal accounts, thereby spreading the risk of data breaches across various platforms. In the first quarter of 2023, Enzoic’s monitoring found 265 previously secure passwords in Kingston’s environment that were subsequently compromised.
By quickly identifying and remediating the use of these credentials, Enzoic is helping Kingston deliver on its mission. Peter states, “We pride ourselves in providing superior customer service and protecting the manufacturing environment is a big portion of that. By enhancing credential security, we’re protecting against password-related attacks that could ultimately affect production and our ability to ship products in a timely manner.”
A Must-Have Solution in Today’s Dynamic Threat Landscape
In summary, Peter says, “If you aren’t using Enzoic for Active Directory, I can’t understand why. Any organization that wants to protect the perimeter and authentication and access needs this solution to ensure security without introducing additional friction into the user experience.”