How to Make Authentication and User Access More Visible

Most technical outages, leaks and unplanned downtime harm the business and expose us to security risks, and largely not because of attacks from outside but because of what legitimate users are doing.

How are we meeting the challenge of user monitoring in an environment where the challenges have shifted slightly and the key concerns are performance, budgeting, and the increasingly popular BYOD culture that makes work easier and more portable?

This brings us back to the question of how we can manage compliance and security without compromising the factors that enable both security and portability of data in an age of cloud and BYOD. We come across a wide range of solutions promising this, but as time passes we find that the most sought-after security system in our arsenal is pretty much a lame duck when an incident occurs. So we have our compliance standards to ensure data and information remain protected.

Speaking of compliance, PCI DSS 2.0, and from August 2013 PCI DSS 3.0, is one such audit that is a nightmare for most engineers and auditors. It asks for a wide range of requirements and controls, and managing deviations between organizational policy and the standard remains a critical task, with very little room for error, since errors endanger cardholder data. But incidents do happen.

In such an event, everything seems perfectly normal until we are told that a huge amount of sensitive information about our enterprise, taken from a mission-critical server, is now available online. Then the parade starts, and the security team is bombarded with questions such as:

  • “Who was logged on the server?”
  • “Was it authenticated properly?”
  • “Where is the source of session?”
  • “Need a report of every activity on the server...!”
  • “But he is not supposed to be on the server...!”
  • “What protocol was used?”
  • “Did someone authenticate via iPad?”
  • “Was a file changed?”
  • “Why can’t we stop it?”

This turns out to be the biggest problem. Having the capability to draw a report on a user's session is a great advantage. Among the wide range of solutions, IS Decisions UserLock, combined with its FileAudit, is one that not only enables answering these questions but mostly prevents a scenario where we have to answer them.

Our customers now have the capability to enforce a better and more precise user policy, such as disallowing multiple and concurrent logins, which is one of the key problems, and to monitor with total control and without compromising system resources and performance. This includes monitoring user access to RDP and monitoring authenticated Wi-Fi sessions from BYOD devices, which lowers the chance of snooping via wireless or other channels.

All in all, IS Decisions UserLock seems to have empowered system administrators to manage security, enforce stringent control over unwanted sessions, and enforce user policy such as:

  • Which users can log in to the server.
  • From where users can log in.
  • In what time window users can log in.
  • Whether users can or cannot use Wi-Fi, VPN, IIS.
  • What type of sessions can be allowed.
  • What protocols can be used.

IS Decisions has been very useful in managing an important aspect of PCI compliance, and has enabled faster forensics to answer who, where and how it happened.

Need to know more about IS Decisions? Join our webinar.

This post was posted in News

Posted on February 6, 2014 by admin
