VeriClouds CredVerify™ Uses Intel SGX to Prevent Reusing Leaked Credentials

Share Article

The number of stolen passwords readily available to cyber criminals and nation-state attackers on the dark web now numbers in the billions, and grows daily. Forward thinking organizations need a credential monitoring and verification service to be able to detect, verify and respond to the risk of compromised credentials.

VeriClouds

“Through our partnership with Intel, we are pleased to be able to deliver one of the safest and most secure credential verification services available on the market, designed with privacy and scalability required by today’s global organizations.

VeriClouds has announced that it has launched a new version of its flagship product CredVerify. This latest version of CredVerify runs on a specially designed hardware appliance which uses Intel® Software Guard Extensions (Intel® SGX), providing economical and effective controls that prevent tampering and abuse of compromised credentials. VeriClouds CredVerify™ uses Intel® SGX to protect the sensitive credential verification process with hardware-based crypto built inside the CPU.

The number of stolen passwords readily available to cyber criminals and nation-state attackers on the dark web now numbers in the billions, and grows daily. A solution that can detect if a user's credentials are among these stolen records is essential for enterprise security and regulatory compliance. According to the Verizon 2017 Data Breach Investigations Report, 81% of hacking-related breaches leverage stolen and/or weak passwords.1

Minimizing the Threat of Data Breaches from Stolen Credentials

The CredVerify API service runs its credential verification process inside an SGX enclave. Compromised credentials stored in VeriClouds database are encrypted with military grade (i.e., AES 256-bit) encryption and can only be decrypted for comparison against the credentials from the clients within the enclave. This design helps defend against both internal and external attackers, including malware running on the host machine and rogue employees. The VeriClouds solution can be deployed to the data center of an enterprise customer or enabled through a IaaS provider that supports SGX.

“VeriClouds CredVerify™ with Intel® SGX enables enterprises to detect compromised credentials, with privacy protected by design,” said Steve Tout, CEO of VeriClouds. “Through our partnership with Intel, we are pleased to be able to deliver one of the safest and most secure credential verification services available on the market, designed with privacy and scalability required by today’s global organizations.”

“Intel® SGX helps VeriClouds further protect the sensitive credential verification process,” said Rick Echevarria, Vice President, Software and Services Group and General Manager, Platforms Security Division, Intel Corporation. “VeriClouds is focused on minimizing the threat of data breaches through stolen credentials; Intel® SGX is a great solution for enhancing customer security and privacy.”

Avoiding stolen credentials is also important for achieving regulatory compliance, particularly for federal government agencies. Updated guidelines from the National Institute of Standards and Technology (NIST) require screening of new passwords against lists of commonly used or compromised passwords.2

Learn More About Intel SGX
For more information about Intel SGX visit: software.intel.com/en-us/sgx

For Support send an email to: intel.com/content/www/us/en/support/contact-support.html#@11

About VeriClouds
VeriClouds is a credential verification services company helping organizations detect compromised credentials before hackers do, using the same data attackers do, proactively monitoring the dark web and systematically reducing user-centric risk. VeriClouds provides the best approach for eliminating the biggest cause of massive data breaches, the weak and/or stolen password. VeriClouds was founded in 2014 by Rui Wang, a former security researcher at Microsoft with a PhD in cyber security, and Stan Bounev, a successful entrepreneur with over 16 years of corporate and startup experience. VeriClouds has built one of the largest and most secure commercially available databases of known compromised credentials collected from the dark web and diverse data sources using privacy preserving principles and strong encryption. For more information, visit https://www.vericlouds.com or follow us on Twitter @VeriClouds.

1 - 2017 Data Breach Investigations Report, 10th Edition, Verizon
2 - NIST Special Publication 800-63B, Digital Identity Guidelines, Authentication and Lifecycle Management, National Institute of Standards and Technology, US Department of Commerce, 2017

Product and company names herein may be trademarks of their registered owners.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

PR
VeriClouds
+1 (408) 825-3350
Email >
@vericlouds
Follow >
VeriClouds

Visit website