“A Fine Balance of Security and Ease of Use”: Enzoic’s Solution for Enhanced Cybersecurity
At any given moment, millions of compromised user credentials – primarily passwords – are circulated across the Internet and Dark Web from past data breaches. Reuse of passwords by users across their online accounts is fertile ground for cybercriminals harvesting username and password combinations for credential stuffing and account takeover attacks.
Enzoic (formerly PasswordPing) understands that attacks using compromised credentials are a critical and growing risk to most organizations’ security environment. Drawing on decades of enterprise and commercial software experience, the Enzoic team has created simple, robust, enterprise grade solutions to better secure an essential security layer: the user authentication process.
The beginning of a simple concept: Block compromised credentials
Mike C. Wilson and Kristen Ranta Haikal Wilson had the inspiration to create a security solution that prevents people from using compromised credentials to access their online accounts. Mike knew the tendency of most people to reuse passwords across multiple sites posed a substantial security risk. He also recognized that the vast majority of consumers are not aware that their credentials are compromised and could be exploited by cybercriminals. Together, Mike and Kristen established an innovative cyber-security startup that empowers enterprises to screen for compromised credentials during the authentication process.
Presently, Enzoic has two core solutions:
- An account takeover and fraud product to protect users and customers on consumer websites.
- An Active Directory product that helps protect employees from using compromised credentials.
These solutions draw from a massive cloud database of millions of exposed login credentials continuously collected and updated from the Internet and Dark Web. Enzoic’s clients leverage the APIs to securely access the database and detect compromised credentials for their users, customers or employees. These methods identify exposed credentials, harden password security, and block account takeover attempts.
Enzoic’s first two years of operations have provided opportunities to pivot, evolve, and adjust to the ever-changing demands of cybersecurity. Enzoic has based its business strategies on listening, absorbing, and incorporating feedback from its clients. The demand for Enzoic’s innovative products is evident in the firm’s success: since its founding in 2016 Enzoic’s revenue has increased thirty-fold.
Ahead of the Regulatory Curve
Enzoic’s sophisticated solutions are helping companies manage new regulatory pressures that make credential screening a security standard. Enzoic’s products will help companies comply with:
- US NIST password guidelines,
- California’s Data Privacy Protection law
- EU General Data Protection Regulation (GDPR)
- US FTC enforcement actions against insecure environments; and
- US SEC disclosure requirements regarding cybersecurity risks.
Enzoic is the only cyber-security vendor that specifically and actively screens for compromised credentials with minimal disruption to end users. Mike Wilson explains: “So many solutions to this problem are not entirely effective, easily defeated, can be circumvented or are burdensome to the end user. They add friction to the user experience on a consumer site. We believe there is a fine balance between security and ease-of-use, so our products are designed to only interrupt the user experience if the credentials are in fact compromised. This mitigates the need for regular forced password resets for the majority of users.”
Staying ahead of the evolving cybersecurity space
As companies are increasingly charged with protecting customer and user data, any activity that involves bits and bytes requires a security component. Cybercriminals perpetually search for ways to penetrate systems and commit theft; cybercrime evolves with each new technological innovation. However, Mike believes the Enzoic team is ready to tackle new challenges brought by hackers and cyber-criminals while preserving the user experience.
Going into 2019, Enzoic is launching a new enhanced Active Directory service as well as dashboards and enhanced alerting. Moreover, the firm will also be introducing more integrations with other IAM and security providers. The company’s sales growth is on track to be exponential and Mike believes 2019 is going to be a transformative year for Enzoic.
About Mike Wilson, Founder of Enzoic: A serial entrepreneur focused on maximizing security
Mike started his entrepreneurial journey when he was a teenager by marketing and selling custom-built computers and developing custom software after school. Since then, he has been an integral part of many security companies, startups and early stage companies. He has spent over twenty years in software development and technology, with twelve years dedicated to the information security space. Mike began his career in the high-security environment at NASA, working on the mission control redevelopment project before transitioning to the private sector. At Webroot, Mike led the development of incredibly successful Spy Sweeper product and later the development of Webroot’s first mobile security product. At LogicNow, he led the development of an anti-malware product for the MSP space. Prior to forming Enzoic, Mike was a founder at many other startups: including Bootstrap Development, TopTech Finder, and Norske Systems.