Scirge is designed to monitor, analyze, and collectthe account information provided by employees onthird-party websites and educate them for bettersecurity behavior.

Web applications and accounts that areuncontrolled by IT pose challenges fromcompliance, password hygiene, data leak, and costperspective.

Monitoring log-in and sign-up forms is the only wayto discover web-based Shadow IT, as these actionsare hidden in encrypted network traffic, and hard todifferentiate from private browsing even with SSLdecryption.

Is This for You?Ask YourselfVideos

Use CasesShadow IT DiscoveryAccount and Password ProtectionGovernance, Risk Management, and ComplianceEmployee Education and Awareness

Architecture Scirge WorkflowIntegations and AutomationFeature MatrixEvaluation

Licensing & ResourcesContact Details

Next steps

Datasheet Contents

In a Nutshell

Is This for You?

Ask Yourself:

Videos

Scirge 2-minute Intro

Scirge AnimatedExplainer

On-demand ProductDemo

Are all employee passwords (including web) unique and strong?Would you know if they were reused from Active Directory,perhaps breached already?Can your employees identify a phishing site?Do they use available tools such as password managers orsecure file transfer services that you have purchased?

IT Security

Which third-party apps are being used by your employees?Are there business-critical third-party apps that you cannotcontrol, such as government portals or supplier sites?What sensitive business data could employees’ access afterleaving the organization?Are business units paying for services that they don't useanymore?Are there overlaps in the functionality of applications?

CxO & Board

Compliance & Risk

What accounts are shared or no longer used?Can everyone in the organization decide if a web-app is safeto use with sensitive or personal data?Do your employees know about your regulations?Would an employee ever delete an account if they no longerneed it? Is it okay to use any third-party website withbusiness-related accounts?

HR & IAM Do you consider third-party accounts when onboarding oroffboarding employees?How do you enforce segregation of duties for cloud apps?Can you tell what exact services are used by key employees?Do you think your C-Suite is at risk of account takeover?

Shadow IT ReadinessAssessment

Read More about Use Cases

DEEP VISIBILITYInventories include deep insights of applications,including metadata collected directly frombrowsers, such as privacy policies, terms andconditions, and social links. Additionally, HorizonCloud Intelligence provides domain reputation,country of origin, and reveals potential phishingor unwanted sites. Scirge also correlates usagetrends to discover which services have beenpopular, trending, or abandoned by youremployees, enabling decision-makers to figureout what tools users are missing or favoring for abetter digital experience.

CLOUD CONSUMPTION TRENDSConfigurable tags with custom thresholds giveinsight into application usage trends amongstemployees. Underutilized or abandonedapplications unveil changes in businessrequirements or unnecessary subscriptions.Overlapping subscriptions and widely adoptedapplications help your C-level executivesunderstand the progress and flaws of cloudadoption.

Shadow IT DiscoveryScirge differentiates websites from SaaS and cloud web applications based on the fact that auser has used a corporate email address or email domain to log in. These URLs are enriched viametadata collected from the browser, as well as dynamic data such as the domain age,blacklist checks and other domain-related intel. This allows Scirge to instantly build aninventory of all third-party applications without a pre-built database of known SaaS apps orany other integrations. Shadow IT discovery is a must for organizations for security,management, and compliance reasons.

Use Cases

AD PASSWORD PROTECTION Detecting log-ins on Active Directory-connecteddomains such as Microsoft services or otheridentity providers is completely transparent foremployees. AD/LDAP passwords go through thesame process as any other account, enablingcomplexity checks for compliance andprotection. Identifying AD passwords that arereused in third-party web applications is a redflag indicator of account security, as industryanalysts agree that stolen credentials are used in80% of successful attacks, including forransomware deployments.

PASSWORD HYGIENE According to NCSC, "Passwords need to beprotected within your system, even if theinformation on the protected system is relativelyunimportant." The number one challenge for thisis controlling employee-created accounts onthird-party websites. This is why each passwordentered into a browser is rigorously checked forweaknesses by Scirge. Custom complexity rulesare available to match regulatory requirements,and the algorithmic password strength iscalculated at the endpoints. Scirge uses industrystandard secure hashes to detect passwordreuse, password sharing, and breachedpasswords.

Account and Password ProtectionEmployee-created accounts are the Achilles’ heel of every organization. Scirge closes the gapbetween opt-in password managers and opt-in MFA options on third-party sites, and monitorsevery single account to prevent common attack vectors relying on weak credentials, such asaccount takeovers, phishing, ransomware deployments, and internal fraud.

Use Cases

Governance, Risk Management, andComplianceShadow IT applications should be embraced because they serve legitimate and valuablepurposes for employees and business departments. However, your organization cannotassess privacy requirements, delegate data ownership, plan business continuity, orconduct business impact analysis without visibility into these services. Also, high privilegeusers' accounts and passwords should be monitored with added care to discover potentialfraud or other risky behavior.

APPLICATION INVENTORYScirge collects privacy policies and T&Cs from allapplications that employees access which aremonitored via policies. By combining usagetrends, such as popularity, with geographic dataand reputation, compliance departments canidentify which services are potentially critical orrisky. Terms of these services can then beevaluated and integrated with existingcorporate policies, while users may be warnedand educated for proper use. Classifying,enlisting and investigating Shadow IT apps is theright way for zero trust and compliance.

EMPLOYEE RISK ASSESSMENTScirge detects when the accounts of VIP users,ex-employees, or users in important groups suchas administrators are being accessed by others,unveiling potential impersonation and insiderthreats. When multiple employees are using thesame credentials, conflicts over the segregationof duties arise in the breach of several regulatoryrequirements. These shared accounts are highlyrelevant for internal web applications, especiallyin the financial and HR departments, but also forprivileged users and IT staff. Employeesaccessing an unusually high number of apps orproviding a lower-than-required passwordstrength may also be flagged, either for review ofconduct or assignment to further training.

Use Cases

Please turn on MFA,and choose a uniqe

password on this site!

Employee Education & AwarenessPassword complexity and privacy regulations can be challenging to managewithout proper education. Employee awareness of phishing sites and riskyapplications should be improved every day, across all business departmentsand all levels of access. Scirge provides a one-of-a-kind awareness channel thatshows messages at the right place and time.

IN-BROWSER MESSAGINGScirge provides feedback and notifications toemployees through the top real estate of theirattention, their browser. Research shows thatpeople tend to adopt best practices and securitybehaviors from their own research and directlyfrom the applications they work with. Scirgeallows you to insert these messages precisely atthe right time, when employees are registeringand authenticating to business applications,providing constant and relevant education.

CONTINUOUS LEARNING Based on employees' long-term behaviors andactions (or lack of actions), messaging may beextended via emails, SMS, or any other APIconnected channel. Targeted templates mayinclude the specifics of the account orapplication where action or attention is required.Content will always stay relevant and tailor-made to each individual, avoiding masscampaigns of repeated and ineffectivecommunications. Rules may also be set upbased on LDAP group membership to focusselected audiences based on department,business roles, or privileges.

Use Cases

Shadow IT ReadinessAssessment

Read More about Use Cases

ENRICHED INVENTORIESData collected on the Central ManagementServer is enriched with usage-related metadataand by the Horizon Cloud Intelligence feed.Accounts and password hashes are correlated todiscover breached or reused passwords, accountsharing, and indicators of potential internal fraudor misconduct, all without ever storing cleartextpasswords. Intelligence comes into play in theform of easy-to-read tags that can be used forcorrelation and investigation.

SECURITY BY DESIGNScirge Endpoint Browser Extensions onlycommunicate to your dedicated managementappliance that can be hosted in the cloud, ordeployed locally as a virtual appliance. TheCentral Management Server communicates viaan encrypted tunnel, and sensitive data at rest isencrypted at the endpoints as well as on theserver. No traffic is directed towards publiccloud, and endpoints operate even when offline.Endpoint authorization and anonymization ofsensitive data are further options for securedeployment in any enterprise environment.

Scirge WorkflowScirge has a light and unique endpoint component in the form of a browser extension. Its taskis to monitor account and application usage via corporate emails and credentials and performactions based on centrally-managed policies. Browser extensions can't be disabled or removedby users, when deployed via AD Group Policy or other management tools, and allow a quickand easy installation. They have a near-zero performance impact, and almost zero chance ofinteroperability issues with local applications, due to the inherent sandbox nature of browsers.

Data collected from the browser is sent to the Central Management Server, where it is correlated and enriched via the Horizon Cloud Intelligence feed.

Dashboards create visibility, and workflows automate actions to respond torisks and educate employees.

john@business.com

john@business.com

john@business.com

Architecture

Integrations and AutomationScirge allows unlimited custom integrations via APIs to orchestrate workflows based onevents and the correlation of indicators. Enforcing LDAP password resets based oncomplexity requirements, breached, or reused passwords are the first step in creating azero-trust environment. Employee education may also come in the form of integratedmessaging via various channels and methods.

AUTOMATED WORKFLOWSCustom Tags and events triggered based oncorrelating indicators allow you to send relevantnotifications to automated tools, securitydepartments, and directly to employees. Forexample, when an important account falls victimto a phishing attack, an immediate passwordreset should be triggered, and a warning sent tothe employee and relevant departments toprepare for incoming attack attempts.Workflows integrate with multiple channels,critical events may be forwarded in the form ofSyslog, API calls, or tickets via emails to therelevant departments. Emailing the employeesdirectly allow you to outsource most manualtask, as their passwords can usually only be resetby them, to avoid any overhead for the ITdepartment.

AD & LDAP INTELLIGENCEEmployees are identified via their LDAPcredentials used in browser-based services suchas O365 or other Identity Providers. Their usernames and passwords are checked for passwordhygiene, and accounts and applicationscollected from their browsers get associatedwith their persona. Direct login screen, and localuser information collection are also available foralternative identification. Scirge connects to yourActive Directory or LDAP to collect groupmembership and important metadata aboutyour employees, so risk levels and customizedawareness messages may be set up based ontheir roles. Password changes in your directoryservice may also trigger a new authenticationrequest for employees, so their passwords canundergo a stress test against their existingaccounts and other policies. Compliance andregulation that require password complexitychecks are no longer restricted by the limitedcapabilities of AD and LDAP servers.

Architecture

*Valid maintenance Is required for Perpetual licenses

ARCHITECTURE AND INTEGRATIONSSyslog IntegrationSMTP IntegrationAD/LDAP IntegrationAPI IntegrationRole Based Access ControlPII AnonymizationCustomizable WorkflowsTransparent LDAP IntelligenceCustomizeable Tags

WEB APPLICATION VISIBILITYDetect Any Web AppAutomatic Metadata CollectionUser-level App & Account InventoryApplication Usage IntelligenceWeb App Reputation & Metadata Enrichment

ACCOUNT AND PASSWORD PROTECTIONPassword Strength & Complexity ChecksPassword Reuse DetectionBreached & Common Password DetectionAD Password Strength & Complexity ChecksAD Password Reuse DetectionBreached & Common AD Password DetectionCustom Password Blacklist ChecksIn-browser Real-time Awareness MessagesEmail & API-based Alerts

COMPLIANCE AND RISK MANAGEMENTShared Account DetectionIdentity Misuse DetectionInactive & Disabled AD Account Reuse DetectionPower User DetectionAutomatic Terms & Privacy Policy CollectionBlocking Capability

EMPLOYEE EDUCATIONIn-browser MessagingMulti-channel Messaging

LICENSINGAll Future Features Included*Subscription & Perpetual Licensing Options

ADD-ONSMulti-browser Add-on (MBA)Horizon Cloud Intelligence (HCI)*Active Directory Password Protection (ADPP)

MAINTENANCESubscription License Perpetual License

SCIRGE ESSENTIALSYesYesYesYesYesYesYesYesYes

YesYesYesYes

HCI Add-on

YesYes

HCI Add-onADPP Add-onADPP Add-on

HCI & ADPP Add-onYesYesYes

YesYesYesYesYesYes

YesYes

NoYes

Sold SeparatelySold SeparatelySold Separately

IncludedYearly Maintenance

SCIRGE 360YesYesYesYesYesYesYesYesYes

YesYesYesYesYes

YesYesYesYesYesYesYesYesYes

YesYesYesYesYesYes

YesYes

YesYes

IncludedIncludedIncluded

IncludedYearly Maintenance

Ask for a Quote

Feature Matrix

Ask for aQuote

Proof of ConceptScirge is easy to evaluate via on-site deployments or our cloud-based demo lab. Our PoC guides and the onboarding guide on theCentral Management Server will help you navigate first steps andset up the most interesting use cases. The Scirge evaluation licenseis available for a 30 day trial, and support is available throughoutthe process. If you have concerns about the requirements or theprocess, reach out for a 30-minute PoC consultation.

Shadow IT Audit Scirge is also available for audits, providing a quick and passivediscovery of Shadow IT assets within the organization. If you areinterested in assessing your cloud footprint, reach out for aconsultation.

Live DemoLet us provide you with a personal live product tour—no webinarsor videos, just you and us, about your unique situation. Book in fora 30- or 60-minute demo, whichever fits your schedule best.

Evaluation

RequestAccess

RequestAudit

Book a Demo

Get the DetailsIf you are convinced already, and would like to dive deep into thetechnicalities, visit our User Guide to check out systemrequirements, deployment options and every other detail aboutScirge at our online documentation site.

Read the Docs

Shadow IT ReadinessAssessment

Scirge Blog On-demand ProductWalkthrough

LicensingScirge is available as a yearly subscription and as a Perpetuallicense with a small annual support fee.

Licensing is based on the number of active browser extensionsdeployed. Supported browser types are Chrome, Edge and Firefox.Multi-browser licensing is available for organizations that supportmultiple browsers.

Resources

Contacthello@scirge.com

Next Steps

Scirge GlossaryUnderstanding TagsCloud Visibility GAPCIS ControllsUse CasesWebinars

DocumentationBecome a Partner

Useful links

Ask for aQuote

Book a Meeting