EPAS is a patented (USPTO 9,292,681 B2, EP2767922) solution developed by Detack GmbH and its Swiss partner Praetors AG. It is an on-premises SaaS solution for enterprise wide, automatic and regular password quality assessment and enforcement for a wide range of systems. EPAS addresses the overwhelming issue of maintaining secure passwords in large, heterogeneous environments containing Microsoft A/D, Linux/UNIX, IBM System z, SAP and more.

EPAS uses a self-developed, patented technology designed for enterprises and public authorities, to extract all relevant password data from a target system, and uses these to assess the resilience of passwords against attacks. EPAS employs only legitimate cipher text extraction methods and therefore creates no system stability risk for the target.

EPAS has been designed to meet the needs of modern enterprises. More than 30 different systems and databases, ranging from IBM, SAP, Linux/UNIX, Oracle to Microsoft, are supported. Legally compliant reporting offers all security relevant password data whilst respecting the protection of personal data and satisfying workers councils´ requirements. EPAS is an on-premises SaaS solution and delivered through appliances which are integrated into the client´s data center.

A more in-depth presentation of the EPAS Audit solution can be downloaded as a PDF document here:



The EPAS Enforcer licensed feature systematically prevents the use of weak, reused or shared passwords whenever the password is changed. EPAS Enforcer for A/D integrates as an LSA filter on the Windows Active Directory domain controllers and ensures that passwords meet defined security requirements when set or changed, in line with a centralized policy mandated by the risk category of the information they protect. The new password is tested against the EPAS evaluation criteria and is accepted or rejected, depending on the defined security requirements. This means that formerly permitted passwords like “Password123” or “Secret!” are not accepted any longer by the computer.

If the password change attempt is unsuccessful, an optional feature of the EPAS Enforcer displays the failure reasons (e.g. “Password must not be included in a dictionary.”) to the end user. The security requirements for a password result from the security classification of the data to be protected, based on customer specific measurements.

A more in-depth presentation of the EPAS Enforcer solution can be downloaded as a PDF document here:


Other Industry Solutions

sign IA is a suite of components offering real and secure Single Sign-On with implementation of Windows Logon. It integrates single, multiple and multi-factor-authentication sources using logon tickets. The authorized users get automatic access with Windows Logon (Kerberos) to all connected applications. A manual entry of further credentials is not required.

The integrated Web Security Gateway (GW) securely seals off the applications against attackers. As a result, only authenticated and authorized users get access to sensitive company and customer data.

Security Management

Complex environments in particular have to meet high security requirements, which must comply with various regulations (security laws, company requirements, BSI standards, etc.).

COSMO (Continuous Object-based Security Management Operations) documents in detail the implementation of security measures through security templates and provides both a central overview of the current status of implementation as well as documentation on past stages.

It thus serves the management as evidence of the measures taken and supports the operational level in the implementation of possible solutions.

ATMs & Retail Banking

Endorsed and certified by ATMIA (ATM Industry Association), Detack is the leading supplier of professional IT security services for retail banking, core banking, online banking, cash and payment processing systems. The largest German banks and ATM networks are already clients of Detack for securing their ATM and POS networks.