Identity security specialist
Specops Software and security services provider
GuidePoint Security are partnering to help organizations address the complexities related to strengthening authentication and protecting identities from increasing attacks by threat actors.
This week, the two organizations announced a partnership through which GuidePoint – which counts being an MSSP among various roles that also include consulting – will resell Specops’ broad password protection and end-user verification offerings to its more than 4,200 customers, which includes 50% of the Fortune 100 and 40% of the Fortune 500.
The partnership will help organizations shore up their identity and authentication capabilities in part by reducing human factors, which has long been a top weakness in cybersecurity efforts.
“Credential-based attacks, such as brute force, phishing, and credential stuffing, are not only easy to execute, but also difficult to detect without proper defenses,” said
Paul Rowe, senior vice president of sales in North America for Sweden-based Specops, which is owned by cybersecurity company Outpost24. “The challenge is that traditional authentication measures often rely too heavily on users making the right choices. Cybersecurity strategies need to include technology that enforces strong password policies, prevents use of breached passwords, and minimizes human error through layered, non-human verification.”
The reseller deal with Specops echoes similar partnerships that GuidePoint entered into earlier this year with cybersecurity companies like
Bitwarden,
Veza, and
ConductorOne.
Proactive Enforcement, Password Monitoring
Rowe said Specops’ products are based on capabilities like proactive password policy enforcement, continuous breached password monitoring, and secure self-service password reset options that enables better user experience and reduces IT security teams' workload.
The company’s flagship
Password Policy with Breached Password Protection, which is integrated with Microsoft’s Active Directory, enforces granular complexity rules, blocks the use of more than 4 billion passwords that are known to be compromised, and includes dictionary checks and support for password phrases.
“Our real-time compromised password checks are unique in that they allow organizations to dynamically block known-breached passwords without waiting for the next password change,” he said. “Combined with customizable authentication workflows and end-user verification tools, we offer precision and flexibility that many larger platforms can't match.”
The Human Element
For years, cybersecurity professionals have warned users and organizations about the dangers of weak passwords and reusing passwords for multiple accounts, but problems persist.
Savvy Security, which offers a SaaS security platform focused on identity, wrote last year that “123456” is still one of the most commonly used passwords and that
85% of people reuse passwords for multiple sites.
It also noted that weak or stolen passwords are responsible for more than 80% of data breaches.
“Creating and managing strong passwords for every account is a burden,” the company wrote. “The average person has 100+ online accounts and expecting them to generate and remember unique passwords for all of them is unrealistic. Even with password managers, a significant gap remains. Many users still manually type passwords, fail to enable the strongest encryption settings, or worse, reuse their master password – the one credential meant to protect all others.”
A 'Disconnect'
In a blog post last month, GuidePoint said its survey found that many organizations are still trying to mature their identity and access management (IAM) programs. Despite the number of identity-based threats growing, only half of the 600 IT pros surveyed said their IAM tools are effective and 44% are confident in their ability to prevent such incidents. In addition, only 47% ranked IAM as a high priority.
“This
disconnect is problematic,”
GuidePoint wrote. “Insider threats and mismanaged credentials continue to be top contributors to data breaches.”
Specops Expanding Its Reach
Secops wants to grow in North America, and Rowe sees GuidePoint as a strong match because of its technical skills, knowledge of current threats, channel reach, strong relationships in both public and private sectors, and its consultative style.
In general, MSSPs like GuidePoint and MSPs are critical to helping organizations – particularly SMBs – address their cybersecurity needs, he said.
“When it comes to identity and authentication, MSSPs and MSPs are uniquely positioned to implement best practices at a scale,” Rowe said. “They can enforce secure password policies, monitor compromised credentials, manage user verification, and roll out multifactor authentication in partnered organizations. They help bridge the gap between policy and execution, which is crucial in today’s hybrid and remote work environments.”
Both Specops and Outpost24 view the channel as fundamental parts of their strategies, with MSSPs and others able to deliver cybersecurity with context, expertise, and trust.
“Whether it’s MSSPs offering managed identity services, MSPs supporting secure IT operations, or resellers enabling solution adoption, partners are essential in helping us scale, tailor implementation, and deliver successful outcomes,” he said, adding that “they also bring local knowledge, vertical market expertise, and long-term relationships that are invaluable to our organization.”
