If you are an administrator in charge of password management and password security for a large enterprise, then you know how important it is to stay on top of a complex range of events ─ from expired passwords and passwords not meeting strength rules to questionable login behaviors and inappropriate password usage.
These various events are occurring constantly when you have hundreds or thousands of individuals (both legitimate and unauthorized) attempting access to your systems. There are just too many opportunities that people can exploit to gain unauthorized access. Numerous user authentication behaviors ─ both maliciously intentional and unwitting ─ could signal as well as trigger a security risk. These events typically need to be addressed and some require immediate attention if the overall security of the enterprise could be compromised.
User authentication events that administrators need to track include the following, among others:
- Whose password expired?
- When was the last login/logoff?
- Passwords used that do not meet strength rules
- How many bad passwords were used during login?
- Who struck out or got locked out?
- Was a guest account used?
- Was an administrator account used?
- Was a deactivated account used?
- Who changed their password?
To stay on top of any potential or real password security issues occurring out there, administrators must audit user activity vigilantly, but also maintain audit trails and, more importantly, require real-time notification of the issues that arise.
A rule-based, event-driven alert system would assist administrators on many levels. They would be able to:
- Discover flaws in their authentication process
- Isolate and track the activities of individual users
- Ensure that systems are working properly
- Demonstrate compliance with government and industry regulations