Amid the billions of credentials that are breached each year, security teams are focused on one core question: do any of these breached passwords really provide access to my company’s systems?

That is precisely why, in July, we announced the first of our automated actions – the ability to validate credentials in Search Light (now ReliaQuest GreyMatter Digital Risk Protection). In this blog, I wanted to go into a little more detail and outline the four different options for credential validation.

Figure 1: Validation options displayed within Search Light (now ReliaQuest GreyMatter Digital Risk Protection)

Password Format

The most popular method for validating a credential is through defining the password format. Most organizations now have password policies for employees, including requirements for minimum lengths and the type of characters that must be included. 

Search Light (now ReliaQuest GreyMatter Digital Risk Protection) users can validate credentials based on their password policies, as shown in Figure 1. What if you require 20 characters and either a special character or a number? No problem, you can specify that in the configuration module.

Figure 2: Defining the password format in Search Light (now ReliaQuest GreyMatter Digital Risk Protection)

Email Address Format

As well as the format of the password, it is also possible to specify the format of a username. We provide the most common formats, such as [email protected], but users can also opt to enter a custom format. Some security teams have different formats for different domains, and so there is the ability to set up unique formats for each domain you own.

Figure 3: Defining the email address format in Search Light (now ReliaQuest GreyMatter Digital Risk Protection)

Okta Integration

For users that wish to validate emails via a cloud directory platform, one may be configured to use for validation. An integration is required with one of the available directory platforms.

Once the Okta integration is enabled, you may enable validation of the email address. 

Figure 4: Configuring the Okta integration in Search Light (now ReliaQuest GreyMatter Digital Risk Protection)

Email List Upload

Not all organizations have a cloud directory or defined credential formats. A final option for credential validation, therefore, is through an upload of an email list. Users simply export their most current directory and upload a CSV to the Search Light portal. This is particularly useful for weeding out those users that have since left the company.
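To make the password format, email address format and email list checks concrete, here is an added example (not Search Light's own code) that runs all three over a constructed set of exposed credentials and reports which checks each record fails. The `email` CSV column, the `first.last@example.com` format and the sample records are assumptions; the 20-character policy is the one used as an example above, and the Okta option is not modeled.

```python
import csv
import io
import re
import string

# Constructed directory export; the "email" column name is an assumption.
DIRECTORY_CSV = "email\nalice.ng@example.com\nbob.ortiz@example.com\n"
# Constructed breach records (email, plaintext password).
EXPOSED = [
    ("alice.ng@example.com", "correct-horse-battery-9"),  # passes every check
    ("alice.ng@example.com", "summer2019"),  # too short for the policy
    ("carol.diaz@example.com", "a-very-long-passphrase-42"),  # not in directory
    ("bobby77@example.com", "another-long-passphrase!!"),  # wrong address format
]
# Assumed address format: first.last at an owned domain (example.com here).
EMAIL_FORMAT = re.compile(r"[a-z]+\.[a-z]+@example\.com")


def load_directory(csv_text):
    """Return current addresses from the CSV export, lower-cased."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {r["email"].strip().lower() for r in reader if r.get("email")}


def password_matches_policy(password, min_length=20):
    """The post's example policy: 20+ characters and a special char or a number."""
    has_digit = any(c.isdigit() for c in password)
    has_special = any(c in string.punctuation for c in password)
    return len(password) >= min_length and (has_digit or has_special)


def validate(email, password, directory):
    """Return the names of failed checks; an empty list means keep the alert."""
    email = email.strip().lower()
    failures = []
    if not EMAIL_FORMAT.fullmatch(email):
        failures.append("email_format")
    if email not in directory:
        failures.append("not_in_directory")
    if not password_matches_policy(password):
        failures.append("password_format")
    return failures


def triage(records, directory):
    """Map each record index to its failed checks (empty list = validated)."""
    return {i: validate(e, p, directory) for i, (e, p) in enumerate(records)}
```

Results are keyed by record index and carry only check names, so the plaintext passwords never reach the triage output or logs.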

Save Precious Triage Time

The most important benefit of these credential validation methods is the time savings. It can take security teams hours to determine whether exposed credentials represent a valid threat to the company. Not only do these validation checks save that valuable time, but users can also opt to automatically reject alerts if they do not pass a validation check.

If you have any questions about Search Light (now ReliaQuest GreyMatter Digital Risk Protection)’s exposed credential monitoring, get in touch!