Use Case
Ransomware and lateral movement security
Block ransomware spread and lateral movement at the first step: the logon. With UserLock, help prevent attacks and protect sensitive data by enforcing identity and session-based controls.
Why status quo access security fails to stop ransomware and lateral movement
After the initial breach, ransomware attacks rely on valid credentials to move laterally through the network, often escalating privileges.
Every Windows logon represents a potential attack path. Key risks include:
Shared or reused Microsoft account credentials across users or systems
Insecure remote access (VPN, RDP, unmanaged devices)
Security gaps between legacy systems and cloud-based identity platforms
How UserLock prevents lateral movement
Reduce attack surface, stop identity sprawl, and give the security team visibility into every session, every login. UserLock turns each AD access event into a policy-based, highly visible event.
Enforce MFA on UAC prompts
Apply contextual access controls
Stop concurrent logins
Block or logoff users with suspicious access
UserLock sits at the Active Directory authentication layer thanks to a custom Windows credential provider. Built for AD, UserLock lets you set access policies by AD user, group, and OU.
It’s easy to use, easy to scale, and keeps IT in control.
Comprehensive access security
)
)
Verify AD identities with granular MFA
Apply strong authentication across access to legacy systems and SaaS apps with hardware keys or TOTP. MFA on UAC (user account control) prompts defeats privilege escalation attempts.
)
)
Extend strong authentication to SaaS access
Enable single sign-on (SSO) for AD identities to extend on-prem authentication from local systems to SaaS resources. Users enter their password once at login, complete strong authentication, and gain access to SaaS apps.
)
)
Apply context-based controls
Block login attempts automatically from unknown machines, IP addresses, or geolocations. Limit concurrent sessions to keep threat actors from using stolen login credentials to exploit open sessions.
)
)
Monitor access in real time
See all access attempts across your on-prem and hybrid AD, and set up alerts for instant detection and prevention. Remotely block sessions or logoff users to respond to suspicious activity and cut off lateral movement techniques.
)
)
Audit protected Windows access
Get accurate insights on all AD account access with tamper-proof, searchable audit logs.
)
)
Report on all access
Capture user login and session history with centralized, filterable reports. Satisfy incident response teams and prove compliance to auditors.
Why IT security teams choose UserLock for ransomware and lateral movement security
Simple, effective MFA
Add hardware, TOTP, or push-based MFA without disrupting how users sign in.
Limit concurrent logons and sessions
Allow a set number of initial access points, and choose to block concurrent logons. Policies follow AD users, groups, and OUs for easy setup and clean audits.
No cloud lock-in
Bring modern controls to on-prem AD, terminal servers, and legacy apps. Keep infrastructure costs down and close key identity security gaps.
Privilege abuse safeguards
Apply MFA on, get alerts for, and report on UAC (User Account Control) prompts to stop privilege escalation.
Instant visibility and response
Monitor logon behavior for signs of credential misuse or lateral movement patterns.
Audit-ready reports
Create searchable, filterable reports of all login events to prove you enforce required security policies.
)
)
)
)
Prevent lateral movement with multi-factor authentication (MFA)
Prevent lateral movement in your network with zero trust access security measures including multi-factor authentication (MFA), access controls, and privileged access management.
Read)
)
)
)
Defending Active Directory: Containing the threat of privilege abuse and escalation
Attackers often try to elevate their account privileges to move laterally inside the network. Stop privilege abuse in Active Directory with UserLock.
Read)
)
)
)
Active Directory 2FA verifies identity for all city employees following a ransomware attack
The City of Keizer needed to strengthen their access security after being hit by a ransomware attack. Implementing two-factor authentication for all users was at the top of the priority list.
Read
Read the case studyStrong 2FA and concurrent login restrictions for HIPAA compliance.
I can’t trust that someone is a legitimate user or administrator just because they were on a computer on-site. Now I can verify who’s using our computers with UserLock. ”
Mark Shorts
Lead Support Tech | Meadville Medical Center
Read the case studyWindows MFA meets cyber-insurance requirements
I've seen a lot of software over the years. UserLock is one of the most simple and user-friendly I've ever used. ”
IT Supervisor
US City Government
Read the case studyUserLock MFA is a high quality, full-featured product that performs as advertised.
Michael Commons
System Administrator | Dobbs Peterbilt
