+1-800-492-3951 or +3126.96.36.199.20 (GMT+1)
Bolster your defense against the insider threat
The seriousness of insider threats, intentional or not
Identify & mitigate the risk from authenticated users
Securing network access for all authenticated users
Moving from access logging to continuous monitoring and immediate response
Disseminate good user behaviour to protect against insider threats
Reduce the risk of security breaches from the insider threat
Control system access, identify employees on the network, respond to suspicious activity & protect patient data with IS Decisions solutions. Read more
Strong access control measures, enforced unique user ID and enhanced access monitoring to the network and cardholder data with our solutions. Read more
Userlock and FileAudit can both help you address the requirements of SOX by allowing you to control and monitor system access and identity. Read more
UserLock and FileAudit protect the network, and sensitive information within, against unwanted access to help your business become ISO 27001 compliant. Read more
UserLock directly addresses two access control baselines of NIST 800-53, AC-9 Previous Logon (Access) Notification and AC-10 Concurrent Session Control. Read more
This guide looks at some of the key areas for HIPAA compliance and the NHS Security policies with relation to internal safeguards.
Check if you're compliant
Research and guidance on access security for PCI, SOX, GLBA and FCA regulations that safeguard sensitive financial and customer data.
Research and guidance on user security and information access compliance for FISMA, ISO 27001, DPA and Lexcel regulations.
If you are implementing an insider threat program, here’s a 12 step guide to help ensure that it’s set for the future of internal security.
An alternative to complex, costly and disruptive multi-factor authentication
A report on the frustrations that IT managers face with multi-factor authentication and how to improve access security without impeding end users or disrupting existing infrastructure.
User Security in 2015: The future of addressing insider threat
2015 is set to see a huge rise in the number of IT professionals taking action to address insider threat in their organization according to our new research.
Insider Threat Security Manifesto: Beating the threat from within
What can you do to mitigate the risk of insider threats from both a technological and cultural standpoint?
From Brutus to Snowden: A study of Insider Threat Personas
Who are the most potentially dangerous users in your organization and what you can do to alter behavior and mitigate risk?
Insider Threat Peer Report
A rare insight into the views of security experts from a variety of industries on internal security
Do your actions risk your employer's security? Prove it!
Play The Weakest Link - A User Security Game.
Free to play for any employee in any position, from any department.Help engage your users and reinforce their user security awareness.
UserLock limits concurrent logins, restricts access, monitors, alerts and reports on session activity throughout the corporate Windows network.
FileAudit monitors, archives and reports on access (or access attempts) to sensitive files and folders stored on Microsoft Windows systems.
RemoteExec remotely installs applications, executes programs, scripts and updates files and folders on Windows systems throughout the network.
WinReporter retrieves detailed information about hardware, software and security settings from Windows systems and automatically generates reports.
There is no way in Windows to get a report saying «John logged on at 8:00 and he logged off at 11:00.»
The reason is again that the domain controller does not keep track of the fact that John is still logged on here at this computer.
Some of you might think that if we combine the security logs on those domain controllers and filter the events correctly, we could get a report of all of the initial logons that will also show us all of these connections to other servers.
If you have tried, you know how problematic it can be just to get a list of all the initial logons from looking at your domain controller security logs, unless you have the capability to correlate multiple events down to one row on your report.
Some others might suggest that we could just track all of the network logon and logoff events and then put together a report from that that shows all logon sessions, showing us not only when John logged on but how long he stayed logged on and then when he logged off. Well, that does not work. When a user maps a drive to a server, opens up a file on this server and then closes it, the file server closes (within just seconds or at the most a couple of minutes) that logon session and logs a logoff event (in the security log).
The user is still sitting at his workstation and has just no idea that he just logged off from the server. When he next tries to open up a file over here on the server, the workstation notices that he has been disconnected and the workstation silently reconnects him to the server, which generates yet another logon event on the server. And then once he closes that file and does not have any other files open on the server, the server closes that connection again, generating another logoff event in the file server. That is why file servers usually show hundreds of logon and logoff events for the same user throughout the day.
So there is absolutely no way to piece together the user's overall logon session by looking at the domain controller logs or file server logs. And that leaves the security logs on all of your workstations. Except for some very high-security, government-related, small networks, I have never seen any company that collects all of their workstations' security logs. That is not to say it is impossible, but you can imagine the storage and licensing costs on of trying to do that and it is therefore pretty impractical to try to use the security log to generate this important report in the first place.
It gives the ability to answer crucial questions when it comes to investigations following an incident. Who was really logged on? Where were they logged on? When did they log on? How long did they remain logged on? When did they log off? At any given time, which people were actually logged on at their systems? And that is what we are not getting with Windows native Windows functionality …
This feature is nonetheless required for an Information System to comply with major regulatory constraints, including:
UserLock records all session logging and locking events in an ODBC database (Access, SQL server, Oracle…) for future reference. Reports can automatically be generated at regular intervals, in order to update an Intranet Web site, or being sent by Email (using third party software).
UserLock provides 9 predefined reports:
Share this page:
(Free number for US & Canada)
Copyright © - IS Decisions | All Rights Reserved.