+1-800-492-3951 or +3220.127.116.11.20 (GMT+1)
Bolster your defense against the insider threat
The seriousness of insider threats, intentional or not
Identify & mitigate the risk from authenticated users
Securing network access for all authenticated users
Moving from access logging to continuous monitoring and immediate response
Disseminate good user behaviour to protect against insider threats
Reduce the risk of security breaches from the insider threat
Control system access, identify employees on the network, respond to suspicious activity & protect patient data with IS Decisions solutions. Read more
Strong access control measures, enforced unique user ID and enhanced access monitoring to the network and cardholder data with our solutions. Read more
Userlock and FileAudit can both help you address the requirements of SOX by allowing you to control and monitor system access and identity. Read more
UserLock and FileAudit protect the network, and sensitive information within, against unwanted access to help your business become ISO 27001 compliant. Read more
UserLock directly addresses two access control baselines of NIST 800-53, AC-9 Previous Logon (Access) Notification and AC-10 Concurrent Session Control. Read more
This guide looks at some of the key areas for HIPAA compliance and the NHS Security policies with relation to internal safeguards.
Check if you're compliant
Research and guidance on access security for PCI, SOX, GLBA and FCA regulations that safeguard sensitive financial and customer data.
Research and guidance on user security and information access compliance for FISMA, ISO 27001, DPA and Lexcel regulations.
Rather than blaming users for being human, start better protecting users’ authenticated access.
If you are implementing an insider threat program, here’s a 12 step guide to help ensure that it’s set for the future of internal security.
An alternative to complex, costly and disruptive multi-factor authentication
A report on the frustrations that IT managers face with multi-factor authentication and how to improve access security without impeding end users or disrupting existing infrastructure.
User Security in 2015: The future of addressing insider threat
2015 is set to see a huge rise in the number of IT professionals taking action to address insider threat in their organization according to our new research.
Insider Threat Security Manifesto: Beating the threat from within
What can you do to mitigate the risk of insider threats from both a technological and cultural standpoint?
From Brutus to Snowden: A study of Insider Threat Personas
Who are the most potentially dangerous users in your organization and what you can do to alter behavior and mitigate risk?
Insider Threat Peer Report
A rare insight into the views of security experts from a variety of industries on internal security
Do your actions risk your employer's security? Prove it!
Play The Weakest Link - A User Security Game.
Free to play for any employee in any position, from any department.Help engage your users and reinforce their user security awareness.
UserLock limits concurrent logins, restricts access, monitors, alerts and reports on session activity throughout the corporate Windows network.
FileAudit monitors, archives and reports on access (or access attempts) to sensitive files and folders stored on Microsoft Windows systems.
RemoteExec remotely installs applications, executes programs, scripts and updates files and folders on Windows systems throughout the network.
WinReporter retrieves detailed information about hardware, software and security settings from Windows systems and automatically generates reports.
Knowing who your users are and managing their access is central to effective IT security. UserLock extends Windows Active Directory security by applying further restrictions to authorized users based on a range of criteria. UserLock gives an important extra layer of control.
Once restrictions are set, UserLock monitors all Active Directory login and session events in real time, so organizations can control and record what users can do.
Once installed on any server member of the domain (see previous tutorial), UserLock must deploy a micro agent onto each workstation that are members of the selected network zone. This can be done through the UserLock console which contains an agent deployer with manual or automatic modes.
The automatic mode will deploy the agent on all workstations that are members of the protected zone. If a new machine is added to the network zone UserLock protects, it will be automatically protected without having to do anything.
Once deployed all Windows session events on your protected zone will be detected and logged in the UserLock database.
With UserLock, organizations can set restrictions according to user, user group and organizational unit. Allowing restrictions to be centrally set for an entire group goes beyond native functionality; saving time and helping IT teams implement effective and manageable login controls.
The UserLock restrictions (rules) for user sessions are displayed by clicking on ‘protected accounts’.
Preventing concurrent logins via a single identity makes it hard for users to share their credentials or use two different devices concurrently. This averts one of the most potentially dangerous situations for a Windows Active Directory network.
Define the limit by checking the ‘Allowed workstation session box’ and entering the limit.
The rules are applied in real-time. Every user that is a member of the defined Group will now be limited to one simultaneous session on protected workstations. If a user tries to logon a second time on a different workstation, it will be denied.
The message that is displayed to users at this point can be personalized. If needed, the user can be allowed to logoff an existing session if the number of allowed sessions has already been reached. This authorizes a user to do a remote log-off instead of being denied.
For each defined user, group or organizational unit, UserLock can control and restrict the workstation from which a member can open their sessions. This will ensure for example, that a user opens a session from their department, and not on a workstation their not supposed to.
The definition of these rules consists of a machines list which can be authorized or denied. You can complete this machine list in different ways: one by one, using the name or the IP address of machines thanks to an IP range, or by Organizational Units.
Once validated, a user trying to logon to a machine that is not listed will be denied.
The time restrictions offer several options: Hours frame, quota and actions to take in case of session inactivity. The video tutorial focuses on the Hours rules.
In the same way as the workstation rules, you can state an authorized or a denied time frame. Define the day and the hours during which users can open a session on the protected workstation.
Also specify the concerned session type. If necessary, you can enter several hour sets, if you have different hours range for specific days.
Users from this group will be denied if trying to logon during a non-authorized time frame.
Users will be notified when the end of the authorized time frame is approaching and will be closed as defined.
You can manage UserLock behavior when a user is detected as a member of several rules.
The server Properties give you the option to apply the less or the most restrictive policy. Choose the one which is adapted to the Policy you have defined.
For example, in the video tutorial we choose ‘least restrictive’. As we have defined a rule for the ‘Everyone group’, we are sure that if a user opens a session on the network, it will be limited to one concurrent session, except if they are a member of another group for which we have defined a higher limit.
If for any reason you have to define an exception for a specific user, then you can create a rule targeting their user account. A Protected account set for a user account will always override the Group/OU Protected accounts policies.
For example, giving an unlimited access for the built-in administrator account will consist of creating a user rule and leaving it with undefined rules.
Required for any information system to comply with major regulatory constraints, UserLock applies these access rules to secure user access to the Windows Active Directory domain and help organizations get compliant.
The different reports available in UserLock can help you in your Workstation user session Policy. Take a look at the specific tutorial designed for this purpose.
The next step is to complete your access policy with the other session types than UserLock can monitor and protect: Terminal sessions, Wi-Fi & VPN session, and Web application sessions.
(Free number for US & Canada)
Copyright © - IS Decisions | All Rights Reserved.