Skip to content

The platform

Active Directory at the core, extended outward.

PassVision is built around your directory. Active Directory Protection does the heavy lifting inside AD; Web Credential Verification extends the same intelligence outward to prove real-world exploitability. One platform, both sides of the door.

Request a Demo Get a Free Assessment
NIST 800-63B ALIGNED·ON-PREM & AIR-GAP READY·NO PLAINTEXT LEAVES YOUR ENVIRONMENT
AD_PROTECTION · INSIDECORP.LOCAL
d.yilmazCORP\financeBlocked
r.silvaCORP\it-opsVerified
WEB_VERIFICATION · OUTSIDEYOUR APPS ONLY
c.moreauvpn.acme.netLive
t.brandtcrm.acme.netDEAD
ONE INTELLIGENCE STREAMSELF-HOSTED

Both sides of the door

Two modules, one door, one stream.

Active Directory Protection holds the inside of the door; Web Credential Verification tests it from the outside. Both draw on the same breach and CTI intelligence: one platform watching both sides.

ACTIVE DIRECTORY PROTECTION

Active Directory Protection

Guards your workforce where identity actually lives.

The weak password never exists, and the exposed one never hides.

Explore Active Directory Protection →

Real-time policy & prevention

Blocks leaked, reused, and non-compliant passwords the instant they're set, NIST 800-63B aligned.

Forbidden-words enforcement

Company-specific terms, personal data, and predictable patterns denied at the point of change.

Always-on detection

Every account screened continuously against a breach database billions of records deep.

Automated remediation

Forced reset, reset verification, notify, and alert: every risk driven to closure.

WEB CREDENTIAL VERIFICATION

Web Credential Verification

Extends the same intelligence outward.

Act only on live credentials, not dead exposures.

Explore Web Credential Verification →
WEB_VERIFICATIONLEAKED PAIRS: 3
k.demirportal.acmebank.comLive
l.novakmail.acme.netDEAD
s.tanakasso.acme.netScanning
AUTHORIZED BY SIGNED CONTRACT + SCOPEYOUR APPS ONLY
01Attempts the real login: proves a leaked credential still works.
02Finds the page itself: any language, multi-step, SSO.
03Sweeps reuse: tries it across every registered app.

What sets it apart

Five capabilities at the core.

Everything PassVision does turns on five things: four guarding the directory, one proving exploitability from outside.

AD

Always-on password tracking

Every account monitored continuously; existing and new passwords re-checked as leaks surface.

AD POLICY

NIST 800-63B compliance

Granular, NIST-aligned policy replaces static complexity rules; audit-ready by default.

AD

Real-time forbidden words

Blocks company-specific terms the instant a user tries to set one.

INTEL

Real-time CTI correlation

Ingests threat-intel feeds continuously, flagging exposed accounts the moment a leak lands.

WEB

Live web verification

Attempts the real login to prove which leaked credentials still work. No policy tool can.

Four capabilities guard the directory from the inside. The fifth reaches outward to prove real-world exploitability: the difference between knowing a credential leaked and knowing it still works.

See how the stream is routed →

Fits your stack

Adds intelligence where your tools are blind.

PassVision doesn't replace AD, IAM, or SOC tooling; it plugs into them, feeding existing workflows instead of adding new ones.

Native Active Directory enforcement

Runs inside standard Windows password workflows; AD stays the control center.

Real-time CTI ingestion

New leaks flow in automatically and correlate against your directory.

SIEM-ready events

Password-risk events forwarded with full context for centralized logging and alerts.

Cloud, on-prem & air-gapped leak databases

Breach datasets deploy where your posture allows; no plaintext leaves your environment.

Audit-ready NIST 800-63B evidence

Continuous, evidenced enforcement, not point-in-time compliance claims.

Platform questions

Two questions we hear most.

What are PassVision's two modules?

PassVision has two modules. Active Directory Protection prevents weak, breached, and reused passwords at the moment of change and audits every account continuously. Web Credential Verification attempts a real login with a leaked credential to prove whether it still works, and sweeps reuse across the organization's apps.

Can PassVision run on-premises or air-gapped?

Yes. PassVision is self-hosted on-premises or in your own cloud, never multi-tenant SaaS. Active Directory Protection and the breached-password database can run fully air-gapped. Web Credential Verification reaches live external targets, so it requires outbound connectivity.

See all frequently asked questions →

One platform, both sides of the door.

Weak passwords blocked on the inside. Live credentials exposed on the outside. Every door locked before someone else tries it.

Request a Demo Get a Free Assessment