Protect against compromised Windows login credentials… …without obstructing or impeding end users

A new version of UserLock goes further to reduce the risk of external attacks and internal breaches

We have updated the software based on feedback from companies like you and IS Decisions’ own research*, which found that:

55%

of businesses have suffered a security breach as a result of compromised logins

47%

believe security measures negatively impact employee productivity

54%

of the time, businesses are not confident of tracing a breach back to the source

The launch of UserLock 9 continues to help you to avoid being part of these statistics.

*: IS Decisions surveyed 500 US and UK businesses in May 2016, and will soon be publishing a top-tips guide on how to avoid the common pitfalls that many business are currently falling into.

UserLock 9’s new features include:

New context-aware access control – Initial Access Point

UserLock can now analyse the sequence of user connections to determine a new point of entry in the network.

By limiting the number of initial access points to a single point of entry, UserLock detects any further attempts to connect from inside or outside the network using shared or stolen credentials – and subsequently alerts the IT team while automatically blocking access.

Other contextual and customizable user login rules include time, location, machine, device, number of concurrent sessions and session types.

Read more Try now
Initial access point

Enhanced risk detection & alerts on suspicious user activity

UserLock can now detect, alert and display as ‘high-risk’ behavior certain events that could suggest a compromised account. For example:

  • Simultaneous connections from inside and outside the local network
  • An attempt to connect to a new session from an existing session with different credentials
Read more Try now

Machine time-zone restrictions

UserLock 9 now also includes machine time-zone restrictions, which enables admins to apply local time restrictions according to each client’s machine time instead of the UserLock server time.

Read more Try now

Immediate, one-click block

UserLock monitors all network logins in real-time and alerts IT admins to suspicious activity. Now with just one click, IT admins can review and immediately block any suspect user accounts. UserLock 9 then denies all further logon attempts and closes any existing sessions, so administrators can mitigate risk much more quickly and effectively than with previous versions of the software.

Read more Try now

Transparent to the end user, contextual access protection ensures employees remain productive and are not continually interrupted with additional security steps, for example tokens or smartcards.


UserLock 9 also allows you to easily display and check all effective restrictions that are applied to a specific user.

Example of effective restrictions on UserLock

Concurrent sessions allowed
Initial access points Limited to 1
Workstation sessions Limited to 1
Terminal sessions Limited to 0
Workstation restrictions
Restriction settings Authorized the following list
Interactive WKS005
Station 10.1.2.15-10.1.2.30
Interactive OU=SalesWKS,OU=Sales,DC=MyDomain,DC=local
Hour restrictions
Restriction settings Authorized the following list
Interactive
Mo Tu We Th Fr Sa Su
08:00:00 to 19:00:00
Workstation
Mo Tu We Th Fr Sa Su
09:00:00 to 13:00:00
Action to take in case of overtime Logoff session
Hour restrictions - Session
Maximum session length Limited to 15 min
Logoff notification timeout Limited to 5 min
Time quotas
Workstation
Week
37:00:00
General
Allow to logoff an existing session if the number of allowed sessions has already been reached Disabled
Allow only one unlocked interactive session Disabled
Display the welcome message Enabled
Warn users in real time of all connection events involving their credentials Enabled
Notifications
Send an E-mail when selected events are detected Enabled

Download the free 30 day trial of UserLock

Crucially, UserLock still maintains its simplicity. It’s a non-disruptive technology that works alongside Active Directory to extend security, not replace it. It neither impedes users nor frustrates IT teams, unlike tokens or smartcards which are costly, complex and time consuming to set up and manage.

François Amigorena

IS Decisions CEO