SOLUTIONS  > THREATSTATUS

We partner with ThreatStatus to provide security solutions for both organisations and their end users to ensure good security around credentials. Passwords are not enough, more protection is needed.

Why Monitor for Leaked Credentials?

Usernames and passwords are the fundamental door keys to your (and your customers’) most critical business secrets. These keys are leaking every day.

Whilst you cannot prevent credentials being leaked, you can notify people and organisations immediately that it has happened to them in order that they can change their passwords and save them from being the victim of fraud or further fraud.

Our Technology is used
by MSPs around the world to
protect their customer networks.

TRILLION

Corporate Credential Leak Detection

Usernames and passwords are frequently an organisations primary line of defence when it comes to protecting systems and data.

Occasionally additional layers of protection might be deployed such as 2FA (Two Factor Authentication), but this is rarely deployed across every high value application used by a business.

Attackers know this too. They know that there will be systems in your organisation that don’t have 2FA protection, either because it’s too complex to deploy or it is not even supported. The result is that most systems usually only require two pieces of information before allowing access to your data. One of those is a username (usually this will be a company email address – a public piece of information) and the second is a corresponding password. That’s all that’s needed to access your company secrets. Secrets like financial records, perhaps remote control of IT systems like a DNS server, or the ability to read company files.

That means there are probably only a few characters protecting your business systems from unauthorised access.

Solution Highlights
  • Trillion constantly monitors the billions of account credentials passing through dark markets and criminal forums, looking for the few hidden accounts that might affect your organisation.
  • Intelligent risk engines identify which leaked usernames and passwords have the greatest potential to result in corporate damage.
  • Trillion leverages the power of crowds by letting employees play an active role in verifying discovered data and securing your organisations
  • Data filters and automatic live account detection makes data discovered by Trillion easy to navigate and validate, even for the largest organisations
  • End user interaction enables better engagement and educational awareness of security issues
  • The management of business threats are perfectly balanced with the protection of user privacy. Built-in safe-guards secure the enterprise and your users simultaneously.
ARC

Customer Credential Stuffing Protection

When it comes to building applications intended for public facing use, high levels of security need to be baked in, but it can be a challenging balance to implement robust security controls without damaging the user experience.

Traditional security controls designed for enterprises often aren’t a good fit for consumers. Customers want to be able to get access to services and execute their actions quickly and without any hassle. However, the reality is one of the biggest vulnerabilities to internet applications are the users themselves, and specifically their password behaviour.

End users don’t understand the risks associated with weak password choices, or that using the same password across multiple applications introduces a security risk to your online service, but more importantly they don’t really care.

Weak password choices and password reuse amongst internet applications remains a top security threat to online service providers. ARC is specifically designed to minimise that threat with zero impact on the user’s authentication experience.

Solution Highlights
  • Improve B2B and B2C authentication security and reduce fraud attempts to your public facing applications with zero additional user friction
  • Instantly check your subscriber logins and signups against billions of already leaked user credentials from 3rd party data breaches
  • Supports username and password pair or email and password pair leak checking
  • No added requirement for your existing or future subscribers to interact with SMS or 2FA tokens which could result in user drop off
  • Complete security and privacy of checked user credentials using known and trusted existing cryptographic algorithms
  • Sub-second check and respond API’s ensure rapid risk decisions can be made
  • Easily integrates in parallel into your existing application authentications processes to remove any risk of application performance impact