Detect, React and Prevent the risk from Improper User Access
Angliss Hong Kong has over 70 years’ experience as a food business in the Hong Kong marketplace. They develop comprehensive programs, guidelines and procedures to cover all aspects of their food service business, such as supplier management, production, packaging and distribution.
To better protect their proprietary information as well as their IT resources, Angliss were looking to guard against unauthorized and improper user access.
The Challenge
When it comes to tracking when, where, how and whether a user account can logon, native Active Directory was failing the IT team at Angliss. There was no easy way to see if a user’s credentials were compromised or be alerted on for any abnormal activity.
The Needs
- Visibility and accuracy on all users’ logon and logoff activity.
- The ability to flag suspicious access events in real-time.
- Ensure access to the network is identifiable, audited and attributed to an individual user - to make sure users actions were adhering to company policy.
- Prevent the inappropriate use of user credentials and stop unauthorized access.
- A non-disruptive solution that works alongside Active Directory to extend, not replace, its security.
The Solution
UserLock offered a level of security that was not possible with native Active Directory or with scripts. It offers the most accurate audit of when, where and how a user account logged on and off.
Installed in 30 minutes the agent was easy to deploy. This effectiveness made the decision even easier.
UserLock also enforces logon restrictions (times of day, which machines, how many concurrent logins, etc.) to out-rightly prevent many inappropriate use of credentials (whether from an insider or external threat). This helps move our security from one of just ‘detect and react’ to a focus on ‘prevention’.
Data breaches involving the misuse of credentials usually take months or years to be detected [1]. With UserLock we have a scalable solution that significantly helps to reduce the threat of a security breach.
[1] Verizon, Data Breach Investigations Report (2017)