Scirge
MORE INFORMATION: https://scirge.com/
Description of technology
SCIRGE - Early detection of security risks is possible, among which are usage of company email address as a login for privately used applications (e.g. social networks, online stores); usage of the same passwords for many applications (password reuse), in particular the same passwords for private and business applications (e.g. a corporate Office 365 account); usage of weak passwords to access business applications; sharing logins between employees (account sharing) or identity theft (account takeover); usage of compromised logins (integration with haveibeenpwned.com). Scirge operates with the highest level of security, confidentiality and reliability. Sensitive data (e.g. passwords) monitoring takes place only on user's computer, analysis of employees' passwords is carried out with checksums, which are sent to the Scirge server through a cryptographically secured communication channel. Control also takes place offline (in accordance with stored policies, after going back online a synchronization with the management server takes place). The implementation is very easy. Monitoring is driven by web browser extension installed on employees' work computers. That allows to see what applications the employees use and what login and password are entered. Operation of Scirge does not require communication through proxy or other device (as is the case, for example, in CASB). Scirge warns employees and builds security awareness in various sensitive situations, e.g. using a company email address on non business websites, entering easy-to-guess passwords (not meeting the requirements for password strength).