Spotlight on Dashlane – Cyber Defense Magazine


Dashlane is the leading enterprise credential manager that secures access and proactively protects against breaches. In an era where painfully simple password spraying and phishing attacks are still the primary cause of breaches, Dashlane is an essential part of company-wide credential management and security posture programs, making the simple path secure for end users.

Trusted globally by over 23,000 organizations, Dashlane’s product suite includes credential management (passwords, passkeys and secrets), user onboarding and offboarding, phishing alert systems, and initiatives to proactively bolster overall password hygiene and security. Leveraging cutting-edge technologies such as Confidential SCIM + SSO and AWS Nitro Secure Enclaves, Dashlane empowers organizations of all sizes to efficiently and effectively protect their employees and customer data.

As the leader in password management, Dashlane is perfectly positioned to lead the shift into a new era of authentication – a passwordless future. Dashlane was the first credential manager to enable users to create, save, and log in with passkeys across desktop and mobile platforms, making phishing-resistant authentication accessible to its millions of users. The company was also the first to eliminate the Master Password via Passwordless Login for the Dashlane app, allowing users to seamlessly access their accounts across different platforms and devices without having to create or remember a single password, making the login experience faster and reducing phishing risk.

Elevator pitch: 

Among hard-to-use, narrowly focused security tools, Dashlane stands out as the universally loved, comprehensive credential manager that empowers admins with tools they can set and forget, providing proactive protection with minimal effort. The product provides employees with seamless and secure access they need to do their jobs, and can be easily deployed and is easy for employees to use. That means a massive reduction in IT tickets about credential management and sharing, saving time and money.

Dashlane leads the industry in security quality, using the strongest encryption available with patented technology to protect organizations from breaches. The product also seamlessly integrates with enterprise’s infrastructure, security stack, and workflows for holistic credential security that admins can mass deploy in minutes. Our Confidential SSO & Provisioning is compatible with the most popular IdPs.

Through a simple and secure product suite that includes credential management, phishing alert systems, initiatives to bolster overall password hygiene and security, and more, Dashlane is an essential asset for any company looking to protect itself against credential-based attacks. Put Dashlane in the hands of every employee to ensure every point of access is secure across apps, tools, and devices.

Cybercrime statistics on the problem you solve?According to Dashlane’s analysis of millions of end users, the average business end user has over 70 passwords, with 13% being compromised and 46% reused. Across its entire customer base, encompassing both consumers and business users, the average user has an overwhelming 227 passwords. Given that compromised credentials are the leading cause of data breaches, maintaining robust password hygiene practices and safeguarding credentials is more crucial than ever for both employees and average users.

Dashlane secures 2.5B credentials and administers more than 100M logins per month across its user base.

CEO quote:

“Dashlane’s mission is to deliver the credential security every business and employee needs to thrive. Our goal is to make users part of the security solution by designing security that promotes behavior change and empowers IT and security teams to proactively protect their businesses against the most prevalent threats they face today.” – John Bennett, CEO, Dashlane

Customer quote:

“We had a lot of advocates for Dashlane, including our CTO. Our employees have evaluated many solutions but Dashlane was the one they wanted to work with,” says Kartheek S., Head of Information Technology, Consero. “We’re proud to tell our clients that we’re using Dashlane, and really, we think that every company handling client credentials should use Dashlane.”

What does Gartner say about you? Why?

While Gartner does not have a Magic Quadrant for password managers, they did recently publish their first report on workforce password management (WPM). While they did not analyze the effectiveness of specific vendors, they did detail a number of key benefits to deploying an enterprise password manager, including increased security, better UX, lower IT costs (they cite that the average password reset costs a company $70 each time), and enforcement of password security policy compliance.

From the report, Gartner’s recommendations to organizations include:

  • Employ a workforce password management solution to help enforce and manage password security policies at scale, with minimum impact to users’ experience.
  • Select a WPM tool that addresses your specific requirements by mapping vendor capabilities against the organization’s unique environment and user journeys.
  • Implement a WPM tool to augment the coverage of single sign-on (SSO) deployments and facilitate access to apps that do not support federated standards.

This mirrors the conversations we’re having with customers, who are realizing that there are limits to SSO in terms of overall credential management as SaaS sprawl and shadow IT proliferate. Dashlane is proud to deliver an SSO-like login experience to non-SSO applications. We provide seamless and secure access to all employees, keeping them protected whether they’re using an app their admin doesn’t know about (shadow IT) or simply using an app that doesn’t integrate with SSO.

Who are your competitors?

Dashlane’s competitors are other third-party credential managers, such as 1Password and Bitwarden.

Why is your solution better? 

  • Passwordless login across all devices: Whereas some password managers are increasing minimum character requirements, Dashlane became the first to eliminate the Master Password. Unlike competitors, Dashlane’s passwordless login works seamlessly across platforms due to the design of its passwordless system, delivering users the same experience regardless of their device hardware and software.
  • Privacy-first, confidential computing-based protection: Dashlane’s “zero-knowledge” architecture ensures only the user has access to their credential vault by limiting sensitive data processing locally to the user’s device, drastically raising the difficulty of accessing user vaults. Dashlane is the only password manager that incorporates confidential computing, leveraging AWS Nitro Secure Enclaves, to provide the enhanced security required to offer the highest level of security for enterprises through its Confidential SSO & Provisioning integrations.
  • Added phishing protection: Dashlane was the first among competitors to alert users and IT admins when credentials are copied and pasted into an untrusted site (and already prevents auto-filling in these cases).

How does your solution fit into a company’s Cyber stack? What does it pair well with?

We easily integrate with the existing security stack of enterprises, from Identity Providers for SSO and user provisioning, to SIEM solutions such as Splunk. Thanks to our use of Confidential Computing, we allow admins to very easily configure and integrate Dashlane while maintaining the highest level of security.

 How are you funded?

Dashlane has raised more than $190M in total funding from FirstMark, Sequoia Capital, Bessemer Ventures, Rho Capital Partners and others. The company is cash-flow positive, with healthy growth that allows Dashlane to invest into scaling its platform and building an enduring business.

What is your 3-year product roadmap?

While we don’t discuss specifics, what we can say is that Dashlane will continue to innovate in the following areas:

  • Enterprise support and offering increased protection for all employees. The key is to give the admin visibility and control over the company credential hygiene with low effort, while making the product delightful for employees to adopt and use every day.
  • Passwordless and leading the industry into a world without passwords and phishing. We are very active in the FIDO Alliance, pushing new passwordless standards such as passkeys and WebAuthn.
  • Keep raising the bar around credential security and cryptography. For instance, we have been exploring the implications of post-quantum cryptography for Dashlane.

How do you keep your key devs around?

We provide them with an attractive mission – we solve a real pain point for consumers and organizations – and interesting technical challenges to solve, in the fascinating cybersecurity industry. Our engineers are passionate about the field and finding solutions to provide the best of security and convenience to our customers.

We share a lot about what we do in Engineering on the Dashlane Blog: https://www.dashlane.com/blog/category/engineering

Tell me about a customer who implemented your solution and what metrics show they are happy with the solution.

Financial Services firm Consero boasts a 90% Dashlane adoption rate with users across India, the U.S., and Canada. Because Consero takes security so seriously, new hires automatically receive Dashlane training, which gives every employee a strong foundation for secure password practices. From simplifying onboarding and offboarding processes to providing quick customer support, and more, using Dashlane has paid dividends.

“We’ve increased our security and helped clients increase theirs,” shares Kartheek S. Head of Information Technology at Consero. And it’s not just passwords that Consero employees can save in Dashlane. “We can now also safely store answers to follow-up security questions, which saves us a significant amount of time every day.”

About the Author

Dan K. Anderson authorDan K. Anderson, Winner Top Global CISO of the year 2023

Dan currently serves as a vCISO and On-Call Roving reporter for Cyber Defense Magazine. BSEE, MS Computer Science, MBA Entrepreneurial focus, CISA, CRISC, CBCLA, C|EH, PCIP, and ITIL v3.

Dan’s work includes consulting premier teaching hospitals such as Stanford Medical Center, Harvard’s Boston Children’s Hospital, University of Utah Hospital, and large Integrated Delivery Networks such as Sutter Health, Catholic Healthcare West, Kaiser Permanente, Veteran’s Health Administration, Intermountain Healthcare and Banner Health.

Dan has served in positions as President, CEO, CIO, CISO, CTO, and Director, is currently CEO and Co-Founder of Mark V Security, and Cyber Advisor Board member for Graphite Health.

Dan is a USA Hockey level 5 Master Coach. Current volunteering by building the future of Cyber Security professionals through University Board work, the local hacking scene, and mentoring students, co-workers, and CISO’s.

Dan lives in Littleton, Colorado and Salt Lake City, Utah linkedin.com/in/dankanderson



Source link