Securing your Company Data
EPAS is powerful - it audits more than 200,000 accounts in companies in 25 countries on a regular basis.
EPAS mitigates risk – supports risk management by closing the password security gap.
EPAS is unique - the only solution worldwide to provide true enterprise password quality assessment.
EPAS Key Features

Universal Password Assessment

EPAS analyses the objective strength of passwords in selected target systems. Weak passwords are vulnerable to malicious cyber attacks. EPAS is able to assess unsalted, statically salted, as well as dynamically salted passwords. It is customized for system-specific encryption and evaluates personal, as well as technical and system accounts.

Password Quality Enforcement Module

EPAS Enforcer is a password quality enforcement component, provided as a licensed feature of EPAS. EPAS Enforcer for A/D integrates as an LSA filter on the Windows Active Directory domain controllers and ensures that passwords meet defined security requirements when set or changed, in line with a centralized policy mandated by the risk category of the information they protect. The new password is tested against the EPAS evaluation criteria and is accepted or rejected, depending on the defined security requirements. This means that formerly permitted passwords like “Password123” or “Secret!” are no longer accepted.

Detailed and Legally Compliant Reporting

EPAS generates audit reports for each audit job. An executive summary provides full text and graphical data to visualize and explain the passwords’ overall quality. Included are recovery reasons, structure, compliance status and various other statistical data. Passwords are never displayed in clear text.

Built on 15 Years of IT-Security Experience

EPAS was developed based on more than 15 years of IT-security auditing. The extensive experience of manual penetration tests consistently shows that, without resilient passwords, all security measures are bound to fail. EPAS is unique and the only solution to offer a legally compliant view of your enterprise password landscape.

What our customers say

With the Password Quality Enforcer Module implemented, we are now able to control that, at the time of password change, a strong password is chosen – strong meaning resilient against real hacker attacks.

EPAS has helped us to increase our password security tremendously – a security problem we knew about and had to solve, but before had no means to truly control or monitor.

Having EPAS in place, we can always count on running the best software for password security. In addition we get to tap into the wealth of IT-Security knowledge and experience at Detack.

Features

Designed for Enterprises

EPAS has been designed to meet the needs of modern enterprises. More than 30 different systems and databases, ranging from IBM, SAP, Oracle to Microsoft, are supported. Legally compliant reporting offers all security-relevant password data whilst respecting the protection of personal data and satisfying works councils' requirements.

Customizable Password Assessment

EPAS audits the recovered passwords against two criteria: a customized password policy and an objective, entropy-based set of rules. EPAS can simulate various attack methods used by cyber criminals, such as dictionary or brute force attacks. Dictionaries are customizable regarding language and customer-specific vocabulary or terms.

Password Re-Use Report

Recovered passwords are checked for multiple use. A password can either be used several times by the same user on different systems or one password can be used by several users. Both situations pose a high security risk and are subject to immediate risk mitigation measures.

Technical and System Accounts

In addition to “heartbeat” users, all technical and system accounts are assessed and evaluated by EPAS. These accounts authenticate by using either very simple passwords, default vendor passwords, or no password at all. Yet these accounts usually have the highest privileges and are sometimes even exempt from a password policy. The authentication of technical and system accounts to other systems is one of the largest IT security risks.

Notification by E-Mail

Automatic notification is used to prompt users to change their passwords if these are too weak or otherwise do not comply with defined audit parameters. The same feature automatically notifies the service administrator of a completed password audit job and the availability of a report.

Audit Jobs & Job Queuing

An intelligent job and queuing system permits programmable, regular password auditing with no job collisions. EPAS is highly scalable. It can process simultaneous parallel tasks and can audit millions of accounts on different systems over a single weekend.

Trusted Computing and Encryption

All data EPAS processes is permanently encrypted. Trusted Computing is used to seal the platform; an additional TPM chip secures software and data integrity by employing cryptographic methods. EPAS applies various hardware and software monitoring elements to detect physical or software intrusion attempts. Security failsafe mechanisms log events and shut down in case of intrusion attempts.

EPAS Supported Systems

EPAS can audit several types of systems, ranging from Microsoft products to IBM products (iSeries, zSeries, Domino) and other systems such as UNIX based systems, LDAP directories and the main database backends. The following system types are supported for account profile and password hash extraction:

Supported standard target systems

Microsoft Active Directory Accounts

Microsoft Windows Local Accounts

IBM System z – zSeries – S/390 RACF (z/OS, z/VM)

IBM System i – iSeries – AS/400

IBM System p – pSeries – RS/6000 AIX

IBM Lotus Domino Application Server

BSD Operating System

Linux Operating System

Sun Solaris – SunOS

Apache Basic – htpasswd

SAP NetWeaver – ABAP AS

LDAP Authentication Server

Supported application-specific data storage

MSSQL System Accounts

MySQL System Accounts

Oracle System Accounts

PostgreSQL System Accounts

Sybase ASE System Accounts

DB2 Database Custom Application

Informix Database Custom Application

MaxDB Database Custom Application

MSSQL Custom Database Application

MySQL Database Custom Application

Oracle Database Custom Application

PostgreSQL Custom Database Application

Sybase ASA Database Custom Application

Sybase ASE Database Custom Application

Besides standard target systems, EPAS also supports application-specific password encryption with data stored in several database types.

EPAS employs only legitimate, vendor-approved methods for retrieving the password data from audited systems. By using such methods, there is no risk of crashing the target and there are no potentially malicious activities falsely detected or reported by antivirus or malware detection tools.

“When I talk to people, everybody tells me this [EPAS] is impossible, regardless of how hard you wish for such a solution – for legal, technical, organizational reasons. It takes some time for them to believe me that it really exists.”

Karl-Ulrich Martin

Founder and Managing Director of Detack

News

MUNICH TECH DAYS 2016

Detack will be participating at the Munich Tech Days 2016 (13.07. + 14.07.). Come and join our workshop "The Password Zone – an Attackers View on Passwords and how to Measure Password Attack Resilience".

Launch of the PQENF – Password Quality Enforcement Module

EPAS Enforcer is a password quality enforcement component, provided as a licensed feature of EPAS. EPAS Enforcer for A/D integrates as an LSA filter on the Windows Active Directory domain controllers and ensures that passwords meet defined security requirements when set or changed, in line with a centralized policy mandated by the risk category of the information they protect. The new password is tested against the EPAS evaluation criteria and is accepted or rejected, depending on the defined security requirements. This means that formerly permitted passwords like “Password123” or “Secret!” are no longer accepted.

U.S. Patent Granted for EPAS

Ludwigsburg, June 9th. Detack GmbH and its partner Praetors AG are proud to announce that the United States Patent and Trademark Office (USPTO) has granted the U.S. patent no. 9,292,681 B2 for technology employed by its Enterprise Password Assessment Solution EPAS.

Launch of Enterprise Password Assessment Solution EPAS in North America

Ludwigsburg/Germany, February 25 - Detack GmbH will be part of this year's RSA conference to introduce its unique Enterprise Password Assessment Solution EPAS to the North American market. As an independent supplier of high quality IT security audits and in-house developed IT security products, Detack will be present in San Francisco from February 29 – March 3 as part of the German pavilion, North Expo Booth N4020/03.

RSA Conference 2016

Celebrating its 25th anniversary this year, RSA Conference continues to drive the information security agenda worldwide. Detack will be exhibiting at booth 4020/3 at the German TeleTrust pavilion. February 29th – March 4th 2016
