If your Windows network has data that could be of any value to someone without proper authorization to access it, then your organization needs stronger access control.
The demand for secure access poses a serious challenge to IT professionals. IT have to balance network security with the need from users for quick and easy access to systems and information wherever they are located.
For this access controls are necessary to ensure only authorized users can obtain access to and organization’s information and systems. However the greatest risk to any organization comes from authorized users themselves.
An authorized user on the network might not be who they say they are. Cybercriminals attempt to exploit enterprise identity systems by attempting to compromise the credentials of legitimate users and gain access. An authorized user on the network might also be a disgruntled employee doing authorized things for malicious purposes.
So how do we identify “bad behavior” from employees or malicious access from phished, stolen or shared credentials and put a stop to it before it ends up costing us capital, customers and our reputation?
Control and respond to secure authorized user logins
On a Windows network, native Windows controls simply don’t cut it. Windows does not identify or prohibit compromised logins or alert IT about inappropriate network access. Windows does not provide workable monitoring or access and login intelligence to administrators.
Using a layered defense strategy and the supporting technology of UserLock, you can guarantee that users are who they say they are, far beyond what native Windows features can offer. With four simple steps, you can efficiently combat insider threats and the risk of compromised credentials without frustrating your end-users.
1. Define an Access Policy
Instead of simply allowing everyone to log onto whatever they want, create and enforce a customized access policy that establishes and enforces who can logon when, from where, for how long, how often and how frequent. Logins are the first line of defense in securing network access and therefore must be restricted and controlled across all session types. Transparent to the end user, this type of contextual access protection ensures employees remain productive and are not continually interrupted with additional security steps, for example tokens or smart-cards.
2. Enforce Automated Controls
Set controls to automatically close or lock user sessions or shut down workstations that are out of compliance with company access policies. An attempt to use compromised credentials from outside the designated area and/or devices is out rightly stopped – before damage is done.
3. Get Real Time Insights
Monitor and respond to network access in real-time. Schedule instant alerts triggered by predetermined access events (e.g., access denied, specific user etc.) Patterns of unusual activity may point to employees who are likely to commit a cyber crime. The ability to interact instantly with a suspect session, to lock the console, log off the user, or even block them from further logons helps ensure security at the logon.
4. Use Comprehensive Reports
Centralize and archive all access events occurring on your Windows systems. This step will facilitate and ease the burden of performing accurate, detailed IT forensics in the event of a security breach.
Access security and login control may not be the most glamorous initiative in the world, but it is a crucial one. According to the Cost of Data Breach Study compiled by the Ponemon Institute a data breach costs a U.S. enterprise an average of $3.6 million per incident.
How is your organization protecting your Microsoft Windows and Active Directory infrastructure from insider threats and their costly security consequences?
Start Your Free Trial Today
UserLock helps administrators to manage and secure access for every user, without obstructing employees or frustrating IT. Powerful protection for all Windows Active Directory domain logins, even when credentials are compromised.
*** This is a Security Bloggers Network syndicated blog from Enterprise Network Security Blog from ISDecisions authored by Chris Bunn. Read the original post at: https://www.isdecisions.com/blog/it-security/stronger-access-control-management/