contact@securehero.com
Facebook
Twitter
Google+
LinkedIn
YouTube
  • PRODUCTS
    • FILE SYSTEM AUDITOR
    • GROUP REPORTER
    • LOGON REPORTER
    • PERMISSION REPORTER
  • PRICING
  • SUPPORT
  • BLOG
  • ABOUT US
  • CONTACT

Top 5 reasons why you need to track user logons

October 13, 2014blogwp_admin

I am sure that words “user login” or “user logon” has become a part of your dictionary a long time ago now. An you as a network admin on duty or “a guy with a technical background” might be one of a few who actually knows the difference between the two terms.

What you might wonder is how important it is to know about user logons happening on your network. Here are 5 good reasons why:

1. Know Who.  When bad things happen the uneasy question “Who Did It?” comes up and you better be prepared.  Knowing who was logged in around the time of the security incident provides crucial data for the security investigation and helps you draw a circle of potential suspects.

2. Know What.  When somebody is trying to brute force in to a computer on your network you want to know, right? That’s why tracking failed logons attempts is a no brainer. How else do you know what is going on with accounts of your users?

3. Know When.  You certainly have a solid account deprovisioning policy in place but something still keeps you up at night. How do you make sure that terminated accounts are no longer used? What if something went wrong and the account of the disgruntled employee is still used somewhere on the corporate network? Well here is when tracking last logon time of your domain accounts comes into play.

4. Know Where.  Sometimes knowing where your users have logged on to is really the only way to mitigate the risk of the most dangerous vulnerabilities. The official recommendation from Microsoft to safeguard yourself from the Pass-the-Hash vulnerability is to control where privileged accounts have been used.  If you know what computers domain and local administrators have been logging on to you will be able to tell if any of those systems is any less protected and if there is a risk of those credentials being compromised.

5. Know From Where.  How do you know that access to resources on your network only comes from expected locations? What if somebody contracts the work out to developers in China gladly passing them on all the legitimate login credentials to explore the inners of your protected network?  Tracking the origin (the network location user logon came from) of user logons is the simplest and yet very effective measure to protect your organization from the leakage of sensitive data.

This summarizes the 5 W’s you need to know about logons of your users: Who, What, When, Where and From Where.

Tracking logons is a regular hygiene you have to do to keep your network secure and protect accounts of your users. It turns out that tracking and reporting on user account logons is also one of the key requirements of various regulations such as PCI-DSS, SOX, HIPAA and others. But this is worth whole another story…

Now how do you track user logons without too much trouble? The good news is that experts from the SecureHero team know how. Download Logon Reporter completely for free and get all of the 5Ws of user logons!

 

 

Tags: admin logons, lastlogontime, logon tracking, pass-the-hash, user logons, windows logons
Previous post Logon Reporter 1.0 released! Next post How to track user logons with native Windows tools

Related Articles

How to track user logons with native Windows tools

October 20, 2014wp_admin

Logon Reporter – How we do it

October 29, 2014wp_admin

Recent Posts

  • Simplicity, Scalability and Stability
  • New Product: Permission Reporter!
  • SecureHero Management Platform 2.0 Released
  • New product: Group Reporter!
  • Active Directory User and Group Reporting: Users with old passwords

Archives

  • October 2016
  • May 2016
  • November 2015
  • September 2015
  • August 2015
  • July 2015
  • June 2015
  • February 2015
  • January 2015
  • October 2014
  • September 2014
  • July 2014
Facebook
Twitter
Google+
LinkedIn
YouTube

Recent Posts

  • Simplicity, Scalability and Stability
  • New Product: Permission Reporter!
  • SecureHero Management Platform 2.0 Released
home

Orange, CA 92866, US

mail

contact@securehero.com

PricingSupportPrivacy Policy
© 2017 SecureHero LLC