Alerts & Response to Logon Security Events on a Windows Network
UserLock continuously monitors all logon events, alerting IT of any suspicious or disruptive behavior so they can instantly react with appropriate measures.
React to Suspicious Access Behavior
An immediate response to suspicious, disruptive or unusual logon connections should be an integral part of an organisations security policy and risk mitigation strategy. Organisations can save a lot of time when responding to incidents if you can identify exactly what has been compromised.
As soon as any suspicious access event is detected (e.g. failed logon attempts, attempts to log on to default accounts, activity during nonworking hours…), UserLock automatically alerts the administrator (pop-ups or email), offering IT the chance to instantly react by remotely locking, logging off or resetting the appropriate settings.
Furthermore, it is important to stress that whilst monitoring user activity is required by many compliance regulation, without being able to filter or send an alert to the security administrator on specific and potentially suspicious access events, the monitoring has limited use.
Remote Response Management
New remote session administration design allows facilitation from any device, so administrators can still respond rapidly on the move using a smartphone, tablet or computer.
Personalised commands can also be defined and launched direct from the UserLock console to target one or many machines. The context menu will allow you to interact with the selected session by just checking the target box, saving time and avoiding the need to open other programs.
This immediate response can help prevent insider threats and reduce the risk of security breaches.
Alerts to compromised or stolen passwords
UserLock real time monitoring allows administrators to act immediately to compromised login credentials, but also now alerts users when their login credentials are used (successfully or not) to connect to the network.
This real-time alert allows users themselves to assess the situation and inform their IT department who can react immediately to any fraudulent use of compromised credentials.
With stolen or compromised account credentials responsible for several massive data breaches, who better than the user to judge whether an access attempt is ï¿½€ï¿½normalï¿½€ï¿½ or part of a compromised attack?