The Motion Picture Association (MPA) is the leading advocate of the worldwide film, television and streaming industry. Founded in 1922, the company today is championing the growing diversity of filmmakers, safeguarding intellectual property, advancing technological innovation, and supporting trade policies that can further expand the global film and TV marketplace. With operations in North America, Asia Pacific, Latin America and EMEA, the MPA maintains a global staff.
Given its geographically distributed nature and position in the high-profile entertainment industry, protecting against the threat of compromised passwords and password-based attacks like credential stuffing and password spraying is of critical importance for the MPA. Read on for more on how Enzoic is helping the organization do this effectively without adding any additional burden on the administrative team or introducing friction into the employee experience.
What type of password policy and authentication tool did you have before adding Enzoic?
We relied on the default Windows GPO Domain password policy. It has traditional complexity requirements, for example, mandating that passwords include different character types. Historically, this was a best practice of password security, but we began to have some reservations about the approach as guidance has recently shifted. The National Institute of Standards and Technology, or NIST, has come out against these character requirements, warning that they actually do more harm than good. Numerous studies have shown that people create weak passwords that can be easily guessed by threat actors when they are forced to use a combination of upper- and lower-case letters, symbols and numbers.
What were the relevant business, security, and technical drivers behind adding a password screening solution?
Threat actors are increasingly targeting credentials as a means to compromise the next institution, with Verizon’s most recent Data Breach Investigations Report finding they are among the most sought-after hacker targets, ahead of bank, medical and personal data. We wanted a solution that would prevent the use of compromised passwords without impeding employee productivity. In addition to the security concerns associated with complexity requirements, these and other outdated approaches to password management introduce considerable friction into the user experience.
Compromised credential screening has emerged as the best way to address these equally important requirements. Enzoic draws on a live database containing multiple billions of exposed passwords sourced from the internet, Dark Web, AI and human intelligence to eliminate the threat of compromised passwords in our environment.
Why / how did you select Enzoic? What set them apart from your alternatives?
As we were vetting credential screening providers, we were impressed by the breadth of Enzoic’s dynamic database. Another benefit is the fact that it’s continuously updated several times each day without any involvement or action from our side. This gives our team peace of mind that password security is addressed without adding any additional maintenance burden in the form of downloading new lists or manually updating the environment.
How did the technical deployment go? Anything worth noting?
Enzoic’s installation wizard made the deployment incredibly easy. We installed the software on all Domain Controllers and were essentially up and running. We had a few additional feature requests on reporting, which the team delivered on quickly and we now have a very robust reporting environment.
What capabilities of Enzoic do you feel have been most beneficial?
One of the biggest things for us has been the ease with which the solution monitors password integrity and alerts both the user and admin about any sign of compromise. Data breaches happen daily, and we are in a high-profile industry with employees spanning multiple locations and geographies. We need to ensure that our diverse user base is protected from the threat of compromised passwords, and Enzoic’s continuous monitoring gives us that assurance.
In addition, notification and remediation are fully automated meaning that this increase in password security adds no additional administrative burden. This has been key as it’s enabled us to strengthen our password environment without drawing IT resources away from other strategic projects.
How would you summarize the Enzoic solution in under 30 seconds?
Enzoic is an easy, intuitive solution to the complex password problem. It provides companies with their best line of defense against threat actors’ unrelenting assault on credentials. Since making the switch, our password management burden is lighter and our security is simultaneously more robust!
“Compromised credentials are a huge security concern for us, as hackers are increasingly exploiting them to infiltrate organizations.”
“The MPA needed a way to protect both our employees and our data from this threat, but it was equally important that the approach not impact user productivity or consume significant IT resources. Enzoic’s compromised credential screening solution enabled us to meet these dual goals. Drawing on a dynamic, continuously updated database of known exposed passwords, Enzoic gives us unparalleled credential security with no additional IT burden.”Dennis Yang, Chief Information Officer at the Motion Picture Association