SlideShare ist ein Scribd-Unternehmen logo

The Business Case for Automated Account Lockout Management

Netwrix Corporation
Netwrix Corporation

This white paper discusses the challenges of account lockout management and the benefits of an automated solution. It notes that account lockouts are necessary for security but result in help desk calls and lost productivity. Managing account lockouts manually is complex and time-consuming. The paper estimates that organizations can save $23,500-$70,500 annually by automating account lockout resolution through a product like NetWrix Account Lockout Examiner. This provides faster resolution and proactive handling of lockouts.

Technologie
1 von 12
Downloaden Sie, um offline zu lesen
White Paper: The Business Case for Account Lockout Management written by NetWrix Corporation r
© Copyright NetWrix Corporation. 2007. All rights reserved. This guide contains proprietary information, which is protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of NetWrix Corporation. WARRANTY The information contained in this document is subject to change without notice. NetWrix Corporation makes no warranty of any kind with respect to this information. NETWRIX SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTY OF THE MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NetWrix Corporation shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this information. TRADEMARKS All trademarks and registered trademarks used in this guide are property of their respective owners. http://www.netwrix.com phone: +1.888.NETWRIX (888.638.9749) Updated—August 20, 2007 2 of 2
The Business Case for Account Lockout Management CONTENTS CONTENTS 1 INTRODUCTION 2 BENEFITS AND DISADVANTAGES OF ACCOUNT LOCKOUTS 3 THE CHALLENGE OF ACCOUNT LOCKOUT MANAGEMENT 4 THE COST OF ACCOUNT LOCKOUT 5 AUTOMATED SOLUTION APPROACH 6 CALCULATING RETURN ON INVESTMENT 7 CONCLUSION 8 ABOUT NETWRIX CORPORATION 9 NOTES 10 1 of 10
White Paper INTRODUCTION How many help desk calls you get from users asking to reset their passwords? How much you spend on administrative staff just to handle account lockout issues? Loss of productivity, lots of frustrated users, huge administrative burden are just some of inevitable implications of implementing a strong password policy which is business critical to succeed today. You‘re not alone – recent research shows, in most organizations, more than 30% of helpdesk activity caused by account lockout issues. So, should you just give up to user complaints or there is a better way to keep up strong security requirements and effectively resolve account lockouts at the same time? Of course you can simplify password policies and reduce costs associated with your helpdesk, allowing easy to remember, non-secure passwords which never expire. But obviously, such practices make enterprise more vulnerable and introduce some other undesired effects. This white paper covers the account lockout management process and introduces new cost-effective workflows of account lockout resolution, describing significant ROI enterprises can achieve through the use of automated management solutions. 2 of 10
The Business Case for Account Lockout Management BENEFITS AND DISADVANTAGES OF ACCOUNT LOCKOUTS Account lockout is the process of automatically disabling (―locking‖) a user account based on certain criteria such as too many failed logon attempts. The purpose behind account lockout is to prevent attackers from brute-force attempts to guess a user's password - too many bad guesses and you're locked out. On the one hand, account lockout provides a good base for implementing secure password policies as it makes quite impossible for an attacker to perform password guessing (also known as brute-force) attacks against user account passwords. Typical value for Account Lockout Policy (suggested by Microsoft in their Account Lockout Best Practices white paper1) automatically locks user accounts after 10 invalid logon attempts, preventing further logons for 30 minutes. Then after 30 minutes elapse, the attacker gets another 10 attempts, but obviously it will take thousands of years to successfully crack the password. Combined with Password Policy, namely ‗Maximum Password Age‘ setting, which forces users to change password periodically (e.g. every 30 days), this creates virtually bullet-proof password security. On the other hand, imagine the situation when user returns from long vacation and tries to remember his or her password, doing a number of guesses, and exceeds given number of attempts. Or the user can just mistype password 10 times at once simply because he hasn‘t had his coffee yet. This makes account locked out and follows with a call to helpdesk, consuming expensive business resources, both in terms of the time spent resolving this issue and the loss of employee productivity. Password expiration brings another challenge – once password is changed, it gets updated in Active Directory, but nowhere else. What does it mean? Ideally, users change their passwords in the beginning of business day, during first logon. But in practice passwords expire at any time and the old password still remains in use in many places by active user sessions, batch processes, mapped network drives and others. Most complicated scenarios occurs when critical system services and scheduled tasks continue to use stale credentials constantly making their account locked out without giving any visual indication – the applications start behaving unpredictably and services will eventually fail. 1 White paper is available at the following URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=8c8e0d90- a13b-4977-a4fc-3e2b67e3748e&DisplayLang=en 3 of 10
White Paper THE CHALLENGE OF ACCOUNT LOCKOUT MANAGEMENT Needless to say, account lockout is a must have feature for all modern networks and failing to implement that you are putting your entire organization‘s security at big risk. But how to deal with all complications related to account lockout issues? Let‘s first divide common reasons for account lockouts into major categories and then describe typical workflows. Categories are: 1) Human factor - user mistyped or forgot his or her password. 2) Machine factor - system services, background applications and similar objects that use stale credentials. 3) External factor - brute-force attacks attempting to break your network security. 4) Other reasons - e.g. failure of Active Directory replication. Human Factor Mistyped or forgotten password is the most common scenario, which happens all the time and creates many helpdesk tickets, however is quite straightforward to resolve: helpdesk person obtains account name from user, asks some verification questions (e.g. mother‘s maiden name or place of birth) and first tries to unlock the account, in case the user can still remember the password. If the user can‘t remember, helpdesk person sets new temporary password, user logs on and prompted for new password by the system. Tricky part here is a secret question/answer pair – special database shall be maintained which associates user accounts and their secrets. If you don‘t implement verification procedure, you lose security, since potentially anyone can contact helpdesk, request password reset and easily logon to the network, gaining access to confidential business data. User verification is also a part of Sarbanes-Oxley (SOX) compliance with regards to secure organization environment. Machine Factor As stated above, such issues arise when services and applications continue to use old password after it was changed because of password expiration policy requirements. New password must be applied to every place where account is referred, failing to do this results in account lockout, since programs accessing protected resources request authentication on domain controllers using old credentials and domain controllers enforce lockout policy. Other ways account can get locked out include: - Stale logon credentials cached by Windows. - Scheduled tasks setup under stale credentials. - Network shares mapped under stale credentials. - Disconnected terminal service sessions that use stale credentials. - Users logging into multiple computers at once and changing password on one of them. Resolution of account lockout in this scenario is much more complex and usually involves routine checking of every possible object which might be causing account lockout. Server administrators must update all references manually (e.g. set new password for service accounts and scheduled tasks, remap network drives, reset terminal sessions etc) and 4 of 10
The Business Case for Account Lockout Management then unlock the account in question. Note this way may require multiple iterations to fix all possible references. External Factor Brute-force attacks can pursue two possible targets: password cracking and logon prevention. In the first case, the attacker performs sequential password guessing, usually dictionary-based, which works for weak passwords, such as common cat and dog names, year of birth and some other typical words which people tend to use for passwords. In the latter case the attacker doesn‘t care for the user‘s password, but rather interested in preventing the user from logging on to the network or disrupting operation of some business-critical service, to create denial of service (DoS) condition. These examples may seem somewhat contrived since they assume an attacker has physical access to the network, however new wireless technologies can provide perfect base for this. Typical responses to such attacks include firewall-based blocking of IP addresses, MAC addresses and SSIDs of wireless devices. Other Reasons Active Directory is a fail-safe distributed environment which involves usage of multiple authentication points (domain controllers). Along with many benefits this architecture introduces some weak points related to domain data replication and critical point here is account passwords. Whenever password is changed after expiration, it must replicated to all domain controllers within organization, otherwise authentication will work inconsistently – some DCs will use new passwords while others continue to use old ones. First thing to consider is latency - replication is not instant, especially when it comes to multiple AD sites. Another thing is possible replication failures – network links break from time to time, domain controllers become temporarily unavailable and many other reasons can prevent replication to occur timely and properly. THE COST OF ACCOUNT LOCKOUT Even the most efficient organization can spend too much on account lockout management. Typically almost one third of time is spent by IT departments for resolution of account lockouts and password issues. The time spent by IT personnel is only the top of the iceberg, as soon as lost user productivity and service downtime are taken into consideration. It can be difficult to calculate exact cost of a single account lockout resolution, since it depends on organization and types of accounts affected. For user accounts, assuming that every incident takes 1 hour in average, both for IT person (time needed for investigation and unlocking) and user itself (lost productivity), the cost can be $50-$100 per incident. The most expensive part is service accounts – the cost of their lockout can vary from few hundreds to many thousands of dollars, depending on number of users affected by service downtime. But even in the best case, given the lowest numbers possible, it becomes evident that automated account lockout management solutions can quickly bring significant benefits and dramatically reduce associated costs. 5 of 10
White Paper AUTOMATED SOLUTION APPROACH Is there any way of minimizing expenses associated with account lockout management? The answer to this question is automation - specialized software solution capable of doing most routine work related to account lockouts - detection, identification of reason and resolution. Combined with improved helpdesk workflow, this can reduce implementation costs dramatically. Primary goal of such solutions is to simplify common tasks performed by helpdesk personnel and decrease average time required to resolve account lockouts. Typical non-automated resolution workflow usually looks like this: 1. User receives 'account locked out' error and calls helpdesk. 2. Helpdesk verifies user, unlocks the account, and optionally resets password. Unlock and reset operations must be done on domain controller closest to the user, otherwise the account could be locked out once again. 3. If the problem persists, user calls helpdesk once again and asks for further investigation. 4. Helpdesk person performs routine lookup of possible sources of account references, which might be causing the account to become locked and asks user to fix them. 5. After checking all account references, helpdesk person unlocks the account. 6. If the problem persists anyway, steps 4 and 5 repeated until all causes are fixed. For example, if task scheduled to run weekly uses stale credentials, it will cause account to become locked out each week until updated with new password. Improved automated workflow would look like this: 1. Helpdesk personnel are automatically notified when account is being locked out, even before user picks up the phone. 2. Software performs routine scan of account references and reports this information to responsible helpdesk person. 3. User calls helpdesk and, after verification, helpdesk person either provides a list of account references which need to be fixed and/or performs reset password/unlock operation (solution automatically does this on closest domain controller to avoid replication issues). Apparently, improved workflow includes fewer steps, takes less time to complete and has one important advantage – account lockouts are handled pro-actively – helpdesk team start resolving them even before frustrated user gives a call. Total number of lockouts decreases significantly, since all possible lockout reasons get eliminated at once, without any further reoccurrences. Additional benefit of specialized solution will be simplicity of user interface with minimal learning curve, to avoid hiring expensive high-skilled IT personnel or educate helpdesk personnel to use complex administrative tools like Active Directory Users and Computers and many other programs required to perform this task. They will use only one tool, easy to use and narrowed down to the problem area. Good solution should also allow web- based helpdesk access, which is a simple to deploy and very cost-effective approach. 6 of 10
The Business Case for Account Lockout Management CALCULATING RETURN ON INVESTMENT Let‘s estimate ROI for automated account lockout management solution based on most optimistic numbers for 1000-user company as an example. ASSUMPTIONS Number of regular users 1000 Number of IS/IT employees 4 Average IS/IT employee salary / hour $25 Average number of account lockouts for each user per year 4 Time needed to resolve account lockout without automated 20 solution (in minutes) Time needed to resolve account lockout by means of 5 automated solution (in minutes) Cost of automated solution (per admin user) $300 COSTS Annual cost w/o automation $33’000 Annual cost with automation $8'300 Software investment $1’200 ROI ANALYSIS 1 Year ROI / Savings $23’500 3 Year ROI / Savings $70’500 7 of 10
White Paper CONCLUSION On the one hand, account lockout policy is a must have requirement for most organizations, on the other hand account lockout resolution is a very challenging task, which consumes many IT resources and introduces additional costs. The benefit for implementing an automated account lockout resolution is significant. Improved management workflow combined with specialized software solution reduces costs, brings security enhancements and ensures compliance. NetWrix Corporation offers the Account Lockout Examiner to address major account lockout challenges, including ones described in this white paper. Please visit www.netwrix.com to learn how this product can meet requirements of your organization and request your free evaluation. 8 of 10
The Business Case for Account Lockout Management ABOUT NETWRIX Corporation Established in 2006, NetWrix Corporation provides innovative and cost-effective solutions that simplify and automate systems management and compliance. With in-depth knowledge and experience in managing IT environments of all sizes, the company delivers solutions to meet complicated business requirements while fulfilling the highest expectations of IT professionals. NetWrix Corporation is a privately held company headquartered in Paramus, New Jersey. Contacting NetWrix Toll-free Phone: 888.638.9749 Web site: www.netwrix.com Address: 140 E. Ridgewood Ave Suite 415 South Tower Paramus, NJ 07652 Contacting NetWrix Support Technical support is available to customers who have a trial version of a NetWrix product or who have purchased a commercial version and have a valid maintenance contract. Contact NetWrix Support at http://www.netwrix.com/support. 9 of 10
White Paper NOTES 10 of 10

Empfohlen

PCI and Remote Vendors
PCI and Remote VendorsPCI and Remote Vendors
PCI and Remote VendorsObserveIT
 
IRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET Journal
 
CNS599_NLEN_InformationSecurity
CNS599_NLEN_InformationSecurityCNS599_NLEN_InformationSecurity
CNS599_NLEN_InformationSecurityTaishaun Owens
 
Get Ahead of your Next Security Breach
Get Ahead of your Next Security BreachGet Ahead of your Next Security Breach
Get Ahead of your Next Security BreachAbhishek Sood
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
3rd party information security assessment guideline
3rd party information security assessment guideline3rd party information security assessment guideline
3rd party information security assessment guidelinePriyanka Aash
 
20111012 Sap Datasheet Site
20111012 Sap Datasheet Site20111012 Sap Datasheet Site
20111012 Sap Datasheet SiteNicola_Milone
 
8 Holes in Windows Login Controls
8 Holes in Windows Login Controls8 Holes in Windows Login Controls
8 Holes in Windows Login ControlsIS Decisions
 

Empfohlen

PCI and Remote Vendors
PCI and Remote VendorsPCI and Remote Vendors
PCI and Remote VendorsObserveIT
 
IRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET- Enhancement in Netbanking Security
IRJET- Enhancement in Netbanking SecurityIRJET Journal
 
CNS599_NLEN_InformationSecurity
CNS599_NLEN_InformationSecurityCNS599_NLEN_InformationSecurity
CNS599_NLEN_InformationSecurityTaishaun Owens
 
Get Ahead of your Next Security Breach
Get Ahead of your Next Security BreachGet Ahead of your Next Security Breach
Get Ahead of your Next Security BreachAbhishek Sood
 
Cyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comCyb 610 Motivated Minds/newtonhelp.com
Cyb 610 Motivated Minds/newtonhelp.comamaranthbeg55
 
3rd party information security assessment guideline
3rd party information security assessment guideline3rd party information security assessment guideline
3rd party information security assessment guidelinePriyanka Aash
 
20111012 Sap Datasheet Site
20111012 Sap Datasheet Site20111012 Sap Datasheet Site
20111012 Sap Datasheet SiteNicola_Milone
 
8 Holes in Windows Login Controls
8 Holes in Windows Login Controls8 Holes in Windows Login Controls
8 Holes in Windows Login ControlsIS Decisions
 
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET Journal
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_briefHai Nguyen
 
Standard IAM Business Processes: Corporate / Intranet Deployment
Standard IAM Business Processes: Corporate / Intranet DeploymentStandard IAM Business Processes: Corporate / Intranet Deployment
Standard IAM Business Processes: Corporate / Intranet DeploymentHitachi ID Systems, Inc.
 
network-host-reconciliation
network-host-reconciliationnetwork-host-reconciliation
network-host-reconciliationGordon Mackay - CISSP
 
Ebusiness Auditing
Ebusiness AuditingEbusiness Auditing
Ebusiness Auditingnewarttech
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication ManagementHitachi ID Systems, Inc.
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUUniversity of Essex
 
I Series User Management
I Series User ManagementI Series User Management
I Series User ManagementSJeffrey23
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions www.ijeijournal.com
 
Hitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Systems, Inc.
 
76 s201923
76 s20192376 s201923
76 s201923IJRAT
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementRyan Gallavin
 
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolIJERD Editor
 
Course Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information SystemCourse Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information SystemTheodore Le
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iPrecisely
 
8 марта
8 марта8 марта
8 мартаKep_dm
 
Equivalent exponential situations
Equivalent exponential situationsEquivalent exponential situations
Equivalent exponential situationsamcsquared
 
Social media presentation 8th mar 2012
Social media presentation 8th mar 2012Social media presentation 8th mar 2012
Social media presentation 8th mar 2012NPTC Libraries
 
Leadership development to drive buisness success
Leadership development to drive buisness successLeadership development to drive buisness success
Leadership development to drive buisness successInstitute of Leadership & Management
 
Estefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by stepEstefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by stepeacosta007
 
CLIMA HIT Płock
CLIMA HIT PłockCLIMA HIT Płock
CLIMA HIT PłocksalonyVi
 

Weitere ähnliche Inhalte

Was ist angesagt?

IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET Journal
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_briefHai Nguyen
 
Standard IAM Business Processes: Corporate / Intranet Deployment
Standard IAM Business Processes: Corporate / Intranet DeploymentStandard IAM Business Processes: Corporate / Intranet Deployment
Standard IAM Business Processes: Corporate / Intranet DeploymentHitachi ID Systems, Inc.
 
Ebusiness Auditing
Ebusiness AuditingEbusiness Auditing
Ebusiness Auditingnewarttech
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication ManagementHitachi ID Systems, Inc.
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUUniversity of Essex
 
I Series User Management
I Series User ManagementI Series User Management
I Series User ManagementSJeffrey23
 
76 s201923
76 s20192376 s201923
76 s201923IJRAT
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementRyan Gallavin
 
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolIJERD Editor
 
Course Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information SystemCourse Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information SystemTheodore Le
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iPrecisely
 

Was ist angesagt? (16)

IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
IRJET-An Economical and Secured Approach for Continuous and Transparent User ...
 
Pg 2 fa_tech_brief
Pg 2 fa_tech_briefPg 2 fa_tech_brief
Pg 2 fa_tech_brief
 
Standard IAM Business Processes: Corporate / Intranet Deployment
Standard IAM Business Processes: Corporate / Intranet DeploymentStandard IAM Business Processes: Corporate / Intranet Deployment
Standard IAM Business Processes: Corporate / Intranet Deployment
 
network-host-reconciliation
network-host-reconciliationnetwork-host-reconciliation
network-host-reconciliation
 
Ebusiness Auditing
Ebusiness AuditingEbusiness Auditing
Ebusiness Auditing
 
From Password Reset to Authentication Management
From Password Reset to Authentication ManagementFrom Password Reset to Authentication Management
From Password Reset to Authentication Management
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
 
I Series User Management
I Series User ManagementI Series User Management
I Series User Management
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
Hitachi ID Password Manager Brochure
Hitachi ID Password Manager BrochureHitachi ID Password Manager Brochure
Hitachi ID Password Manager Brochure
 
76 s201923
76 s20192376 s201923
76 s201923
 
The Essentials | Privileged Access Management
The Essentials | Privileged Access ManagementThe Essentials | Privileged Access Management
The Essentials | Privileged Access Management
 
M-Pass: Web Authentication Protocol
M-Pass: Web Authentication ProtocolM-Pass: Web Authentication Protocol
M-Pass: Web Authentication Protocol
 
Course Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information SystemCourse Session Outline - Internal control in Information System
Course Session Outline - Internal control in Information System
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity management
 
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM iCombat Passwords on Post-Its with Multi-Factor Authentication for IBM i
Combat Passwords on Post-Its with Multi-Factor Authentication for IBM i
 

Andere mochten auch

8 марта
8 марта8 марта
8 мартаKep_dm
 
Equivalent exponential situations
Equivalent exponential situationsEquivalent exponential situations
Equivalent exponential situationsamcsquared
 
Social media presentation 8th mar 2012
Social media presentation 8th mar 2012Social media presentation 8th mar 2012
Social media presentation 8th mar 2012NPTC Libraries
 
Estefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by stepEstefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by stepeacosta007
 
CLIMA HIT Płock
CLIMA HIT PłockCLIMA HIT Płock
CLIMA HIT PłocksalonyVi
 
Sellick Partnership Legal Division
Sellick Partnership Legal DivisionSellick Partnership Legal Division
Sellick Partnership Legal Divisionkatejasper
 
WOŁOSZYN Żary
WOŁOSZYN ŻaryWOŁOSZYN Żary
WOŁOSZYN ŻarysalonyVi
 
My dream cars
My dream carsMy dream cars
My dream carsKevin Ng
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseNetwrix Corporation
 
GETTING THROUGH THE DAY WITH MITO: Treatments, Supplements and Humor
GETTING THROUGH THE DAY WITH MITO: Treatments, Supplements and HumorGETTING THROUGH THE DAY WITH MITO: Treatments, Supplements and Humor
GETTING THROUGH THE DAY WITH MITO: Treatments, Supplements and Humormitoaction
 
хун гүнжийн домог
хун гүнжийн домогхун гүнжийн домог
хун гүнжийн домогltuya
 
Excel charts
Excel chartsExcel charts
Excel chartsJesse911_
 
Dieci idee 5 indivisuality
Dieci idee 5 indivisuality Dieci idee 5 indivisuality
Dieci idee 5 indivisuality Gaia Zanini
 
Practica de photoshop 4
Practica de photoshop 4Practica de photoshop 4
Practica de photoshop 4JF-Navii-Alex
 
Mealworms study protein content
Mealworms study protein contentMealworms study protein content
Mealworms study protein contentPaulo Junior
 

Andere mochten auch (20)

8 марта
8 марта8 марта
8 марта
 
Equivalent exponential situations
Equivalent exponential situationsEquivalent exponential situations
Equivalent exponential situations
 
Social media presentation 8th mar 2012
Social media presentation 8th mar 2012Social media presentation 8th mar 2012
Social media presentation 8th mar 2012
 
Leadership development to drive buisness success
Leadership development to drive buisness successLeadership development to drive buisness success
Leadership development to drive buisness success
 
Estefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by stepEstefania Acosta Lesson 8 step by step
Estefania Acosta Lesson 8 step by step
 
CLIMA HIT Płock
CLIMA HIT PłockCLIMA HIT Płock
CLIMA HIT Płock
 
Sellick Partnership Legal Division
Sellick Partnership Legal DivisionSellick Partnership Legal Division
Sellick Partnership Legal Division
 
WOŁOSZYN Żary
WOŁOSZYN ŻaryWOŁOSZYN Żary
WOŁOSZYN Żary
 
Ub0203
Ub0203Ub0203
Ub0203
 
Photographs by Cindy Momchilov
Photographs by Cindy MomchilovPhotographs by Cindy Momchilov
Photographs by Cindy Momchilov
 
My dream cars
My dream carsMy dream cars
My dream cars
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the Enterprise
 
Market Update4 2012
Market Update4 2012Market Update4 2012
Market Update4 2012
 
GETTING THROUGH THE DAY WITH MITO: Treatments, Supplements and Humor
GETTING THROUGH THE DAY WITH MITO: Treatments, Supplements and HumorGETTING THROUGH THE DAY WITH MITO: Treatments, Supplements and Humor
GETTING THROUGH THE DAY WITH MITO: Treatments, Supplements and Humor
 
хун гүнжийн домог
хун гүнжийн домогхун гүнжийн домог
хун гүнжийн домог
 
Sccc mathematics
Sccc mathematicsSccc mathematics
Sccc mathematics
 
Excel charts
Excel chartsExcel charts
Excel charts
 
Dieci idee 5 indivisuality
Dieci idee 5 indivisuality Dieci idee 5 indivisuality
Dieci idee 5 indivisuality
 
Practica de photoshop 4
Practica de photoshop 4Practica de photoshop 4
Practica de photoshop 4
 
Mealworms study protein content
Mealworms study protein contentMealworms study protein content
Mealworms study protein content
 

Ähnlich wie The Business Case for Automated Account Lockout Management

Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesHitachi ID Systems, Inc.
 
Netreo whitepaper 5 ways to avoid it management becoming shelfware
Netreo whitepaper 5 ways to avoid it management becoming shelfwareNetreo whitepaper 5 ways to avoid it management becoming shelfware
Netreo whitepaper 5 ways to avoid it management becoming shelfwarePeter Reynolds
 
Centralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopPortalGuard
 
Large Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerLarge Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerHitachi ID Systems, Inc.
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight BackMTG IT Professionals
 
Password Management Before User Provisioning
Password Management Before User ProvisioningPassword Management Before User Provisioning
Password Management Before User ProvisioningHitachi ID Systems, Inc.
 
5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!Caroline Johnson
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application SecurityNicholas Davis
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving CompliancePortalGuard
 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklistbackdoor
 
Banking Management System Project
Banking Management System ProjectBanking Management System Project
Banking Management System ProjectChaudhry Sajid
 
ThinkDox implementation whitepaper for ECM
ThinkDox implementation whitepaper for ECMThinkDox implementation whitepaper for ECM
ThinkDox implementation whitepaper for ECMChristopher Wynder
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business AccountsAnayaGrewal
 

Ähnlich wie The Business Case for Automated Account Lockout Management (20)

Successful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment ChallengesSuccessful Enterprise Single Sign-on: Addressing Deployment Challenges
Successful Enterprise Single Sign-on: Addressing Deployment Challenges
 
Netreo whitepaper 5 ways to avoid it management becoming shelfware
Netreo whitepaper 5 ways to avoid it management becoming shelfwareNetreo whitepaper 5 ways to avoid it management becoming shelfware
Netreo whitepaper 5 ways to avoid it management becoming shelfware
 
Maximizing Value
Maximizing ValueMaximizing Value
Maximizing Value
 
Defining Enterprise Identity Management
Defining Enterprise Identity ManagementDefining Enterprise Identity Management
Defining Enterprise Identity Management
 
Self-service Password Reset
Self-service Password ResetSelf-service Password Reset
Self-service Password Reset
 
Centralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows DesktopCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows Desktop
 
Large Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity ManagerLarge Scale User Provisioning with Hitachi ID Identity Manager
Large Scale User Provisioning with Hitachi ID Identity Manager
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
Intro To Secure Identity Management
Intro To Secure Identity ManagementIntro To Secure Identity Management
Intro To Secure Identity Management
 
Password Management Before User Provisioning
Password Management Before User ProvisioningPassword Management Before User Provisioning
Password Management Before User Provisioning
 
5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!5 Reasons Why Your Business Should Consider Strong Authentication!
5 Reasons Why Your Business Should Consider Strong Authentication!
 
Survey Presentation About Application Security
Survey Presentation About Application SecuritySurvey Presentation About Application Security
Survey Presentation About Application Security
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving Compliance
 
NLOGIX
NLOGIXNLOGIX
NLOGIX
 
Security Policy Checklist
Security Policy ChecklistSecurity Policy Checklist
Security Policy Checklist
 
Banking Management System Project
Banking Management System ProjectBanking Management System Project
Banking Management System Project
 
Data Protection Governance IT
Data Protection Governance ITData Protection Governance IT
Data Protection Governance IT
 
ThinkDox implementation whitepaper for ECM
ThinkDox implementation whitepaper for ECMThinkDox implementation whitepaper for ECM
ThinkDox implementation whitepaper for ECM
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts
 
Dit yvol2iss41
Dit yvol2iss41Dit yvol2iss41
Dit yvol2iss41
 

Mehr von Netwrix Corporation

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and whereNetwrix Corporation
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureNetwrix Corporation
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsNetwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryNetwrix Corporation
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureNetwrix Corporation
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsNetwrix Corporation
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsNetwrix Corporation
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsNetwrix Corporation
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceNetwrix Corporation
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingNetwrix Corporation
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaNetwrix Corporation
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Netwrix Corporation
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseNetwrix Corporation
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerNetwrix Corporation
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesNetwrix Corporation
 

Mehr von Netwrix Corporation (18)

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutions
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases Auditors
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users Accounts
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable Media
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the Enterprise
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange Server
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy Changes
 
File Auditing in the Enterprise
File Auditing in the EnterpriseFile Auditing in the Enterprise
File Auditing in the Enterprise
 
File auditing on NetApp Filer
File auditing on NetApp Filer File auditing on NetApp Filer
File auditing on NetApp Filer
 

Kürzlich hochgeladen

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 

Kürzlich hochgeladen (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 

The Business Case for Automated Account Lockout Management

  • 1. White Paper: The Business Case for Account Lockout Management written by NetWrix Corporation r
  • 2. © Copyright NetWrix Corporation. 2007. All rights reserved. This guide contains proprietary information, which is protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of NetWrix Corporation. WARRANTY The information contained in this document is subject to change without notice. NetWrix Corporation makes no warranty of any kind with respect to this information. NETWRIX SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTY OF THE MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NetWrix Corporation shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this information. TRADEMARKS All trademarks and registered trademarks used in this guide are property of their respective owners. http://www.netwrix.com phone: +1.888.NETWRIX (888.638.9749) Updated—August 20, 2007 2 of 2
  • 3. The Business Case for Account Lockout Management CONTENTS CONTENTS 1 INTRODUCTION 2 BENEFITS AND DISADVANTAGES OF ACCOUNT LOCKOUTS 3 THE CHALLENGE OF ACCOUNT LOCKOUT MANAGEMENT 4 THE COST OF ACCOUNT LOCKOUT 5 AUTOMATED SOLUTION APPROACH 6 CALCULATING RETURN ON INVESTMENT 7 CONCLUSION 8 ABOUT NETWRIX CORPORATION 9 NOTES 10 1 of 10
  • 4. White Paper INTRODUCTION How many help desk calls you get from users asking to reset their passwords? How much you spend on administrative staff just to handle account lockout issues? Loss of productivity, lots of frustrated users, huge administrative burden are just some of inevitable implications of implementing a strong password policy which is business critical to succeed today. You‘re not alone – recent research shows, in most organizations, more than 30% of helpdesk activity caused by account lockout issues. So, should you just give up to user complaints or there is a better way to keep up strong security requirements and effectively resolve account lockouts at the same time? Of course you can simplify password policies and reduce costs associated with your helpdesk, allowing easy to remember, non-secure passwords which never expire. But obviously, such practices make enterprise more vulnerable and introduce some other undesired effects. This white paper covers the account lockout management process and introduces new cost-effective workflows of account lockout resolution, describing significant ROI enterprises can achieve through the use of automated management solutions. 2 of 10
  • 5. The Business Case for Account Lockout Management BENEFITS AND DISADVANTAGES OF ACCOUNT LOCKOUTS Account lockout is the process of automatically disabling (―locking‖) a user account based on certain criteria such as too many failed logon attempts. The purpose behind account lockout is to prevent attackers from brute-force attempts to guess a user's password - too many bad guesses and you're locked out. On the one hand, account lockout provides a good base for implementing secure password policies as it makes quite impossible for an attacker to perform password guessing (also known as brute-force) attacks against user account passwords. Typical value for Account Lockout Policy (suggested by Microsoft in their Account Lockout Best Practices white paper1) automatically locks user accounts after 10 invalid logon attempts, preventing further logons for 30 minutes. Then after 30 minutes elapse, the attacker gets another 10 attempts, but obviously it will take thousands of years to successfully crack the password. Combined with Password Policy, namely ‗Maximum Password Age‘ setting, which forces users to change password periodically (e.g. every 30 days), this creates virtually bullet-proof password security. On the other hand, imagine the situation when user returns from long vacation and tries to remember his or her password, doing a number of guesses, and exceeds given number of attempts. Or the user can just mistype password 10 times at once simply because he hasn‘t had his coffee yet. This makes account locked out and follows with a call to helpdesk, consuming expensive business resources, both in terms of the time spent resolving this issue and the loss of employee productivity. Password expiration brings another challenge – once password is changed, it gets updated in Active Directory, but nowhere else. What does it mean? Ideally, users change their passwords in the beginning of business day, during first logon. But in practice passwords expire at any time and the old password still remains in use in many places by active user sessions, batch processes, mapped network drives and others. Most complicated scenarios occurs when critical system services and scheduled tasks continue to use stale credentials constantly making their account locked out without giving any visual indication – the applications start behaving unpredictably and services will eventually fail. 1 White paper is available at the following URL: http://www.microsoft.com/downloads/details.aspx?FamilyID=8c8e0d90- a13b-4977-a4fc-3e2b67e3748e&DisplayLang=en 3 of 10
  • 6. White Paper THE CHALLENGE OF ACCOUNT LOCKOUT MANAGEMENT Needless to say, account lockout is a must have feature for all modern networks and failing to implement that you are putting your entire organization‘s security at big risk. But how to deal with all complications related to account lockout issues? Let‘s first divide common reasons for account lockouts into major categories and then describe typical workflows. Categories are: 1) Human factor - user mistyped or forgot his or her password. 2) Machine factor - system services, background applications and similar objects that use stale credentials. 3) External factor - brute-force attacks attempting to break your network security. 4) Other reasons - e.g. failure of Active Directory replication. Human Factor Mistyped or forgotten password is the most common scenario, which happens all the time and creates many helpdesk tickets, however is quite straightforward to resolve: helpdesk person obtains account name from user, asks some verification questions (e.g. mother‘s maiden name or place of birth) and first tries to unlock the account, in case the user can still remember the password. If the user can‘t remember, helpdesk person sets new temporary password, user logs on and prompted for new password by the system. Tricky part here is a secret question/answer pair – special database shall be maintained which associates user accounts and their secrets. If you don‘t implement verification procedure, you lose security, since potentially anyone can contact helpdesk, request password reset and easily logon to the network, gaining access to confidential business data. User verification is also a part of Sarbanes-Oxley (SOX) compliance with regards to secure organization environment. Machine Factor As stated above, such issues arise when services and applications continue to use old password after it was changed because of password expiration policy requirements. New password must be applied to every place where account is referred, failing to do this results in account lockout, since programs accessing protected resources request authentication on domain controllers using old credentials and domain controllers enforce lockout policy. Other ways account can get locked out include: - Stale logon credentials cached by Windows. - Scheduled tasks setup under stale credentials. - Network shares mapped under stale credentials. - Disconnected terminal service sessions that use stale credentials. - Users logging into multiple computers at once and changing password on one of them. Resolution of account lockout in this scenario is much more complex and usually involves routine checking of every possible object which might be causing account lockout. Server administrators must update all references manually (e.g. set new password for service accounts and scheduled tasks, remap network drives, reset terminal sessions etc) and 4 of 10
  • 7. The Business Case for Account Lockout Management then unlock the account in question. Note this way may require multiple iterations to fix all possible references. External Factor Brute-force attacks can pursue two possible targets: password cracking and logon prevention. In the first case, the attacker performs sequential password guessing, usually dictionary-based, which works for weak passwords, such as common cat and dog names, year of birth and some other typical words which people tend to use for passwords. In the latter case the attacker doesn‘t care for the user‘s password, but rather interested in preventing the user from logging on to the network or disrupting operation of some business-critical service, to create denial of service (DoS) condition. These examples may seem somewhat contrived since they assume an attacker has physical access to the network, however new wireless technologies can provide perfect base for this. Typical responses to such attacks include firewall-based blocking of IP addresses, MAC addresses and SSIDs of wireless devices. Other Reasons Active Directory is a fail-safe distributed environment which involves usage of multiple authentication points (domain controllers). Along with many benefits this architecture introduces some weak points related to domain data replication and critical point here is account passwords. Whenever password is changed after expiration, it must replicated to all domain controllers within organization, otherwise authentication will work inconsistently – some DCs will use new passwords while others continue to use old ones. First thing to consider is latency - replication is not instant, especially when it comes to multiple AD sites. Another thing is possible replication failures – network links break from time to time, domain controllers become temporarily unavailable and many other reasons can prevent replication to occur timely and properly. THE COST OF ACCOUNT LOCKOUT Even the most efficient organization can spend too much on account lockout management. Typically almost one third of time is spent by IT departments for resolution of account lockouts and password issues. The time spent by IT personnel is only the top of the iceberg, as soon as lost user productivity and service downtime are taken into consideration. It can be difficult to calculate exact cost of a single account lockout resolution, since it depends on organization and types of accounts affected. For user accounts, assuming that every incident takes 1 hour in average, both for IT person (time needed for investigation and unlocking) and user itself (lost productivity), the cost can be $50-$100 per incident. The most expensive part is service accounts – the cost of their lockout can vary from few hundreds to many thousands of dollars, depending on number of users affected by service downtime. But even in the best case, given the lowest numbers possible, it becomes evident that automated account lockout management solutions can quickly bring significant benefits and dramatically reduce associated costs. 5 of 10
  • 8. White Paper AUTOMATED SOLUTION APPROACH Is there any way of minimizing expenses associated with account lockout management? The answer to this question is automation - specialized software solution capable of doing most routine work related to account lockouts - detection, identification of reason and resolution. Combined with improved helpdesk workflow, this can reduce implementation costs dramatically. Primary goal of such solutions is to simplify common tasks performed by helpdesk personnel and decrease average time required to resolve account lockouts. Typical non-automated resolution workflow usually looks like this: 1. User receives 'account locked out' error and calls helpdesk. 2. Helpdesk verifies user, unlocks the account, and optionally resets password. Unlock and reset operations must be done on domain controller closest to the user, otherwise the account could be locked out once again. 3. If the problem persists, user calls helpdesk once again and asks for further investigation. 4. Helpdesk person performs routine lookup of possible sources of account references, which might be causing the account to become locked and asks user to fix them. 5. After checking all account references, helpdesk person unlocks the account. 6. If the problem persists anyway, steps 4 and 5 repeated until all causes are fixed. For example, if task scheduled to run weekly uses stale credentials, it will cause account to become locked out each week until updated with new password. Improved automated workflow would look like this: 1. Helpdesk personnel are automatically notified when account is being locked out, even before user picks up the phone. 2. Software performs routine scan of account references and reports this information to responsible helpdesk person. 3. User calls helpdesk and, after verification, helpdesk person either provides a list of account references which need to be fixed and/or performs reset password/unlock operation (solution automatically does this on closest domain controller to avoid replication issues). Apparently, improved workflow includes fewer steps, takes less time to complete and has one important advantage – account lockouts are handled pro-actively – helpdesk team start resolving them even before frustrated user gives a call. Total number of lockouts decreases significantly, since all possible lockout reasons get eliminated at once, without any further reoccurrences. Additional benefit of specialized solution will be simplicity of user interface with minimal learning curve, to avoid hiring expensive high-skilled IT personnel or educate helpdesk personnel to use complex administrative tools like Active Directory Users and Computers and many other programs required to perform this task. They will use only one tool, easy to use and narrowed down to the problem area. Good solution should also allow web- based helpdesk access, which is a simple to deploy and very cost-effective approach. 6 of 10
  • 9. The Business Case for Account Lockout Management CALCULATING RETURN ON INVESTMENT Let‘s estimate ROI for automated account lockout management solution based on most optimistic numbers for 1000-user company as an example. ASSUMPTIONS Number of regular users 1000 Number of IS/IT employees 4 Average IS/IT employee salary / hour $25 Average number of account lockouts for each user per year 4 Time needed to resolve account lockout without automated 20 solution (in minutes) Time needed to resolve account lockout by means of 5 automated solution (in minutes) Cost of automated solution (per admin user) $300 COSTS Annual cost w/o automation $33’000 Annual cost with automation $8'300 Software investment $1’200 ROI ANALYSIS 1 Year ROI / Savings $23’500 3 Year ROI / Savings $70’500 7 of 10
  • 10. White Paper CONCLUSION On the one hand, account lockout policy is a must have requirement for most organizations, on the other hand account lockout resolution is a very challenging task, which consumes many IT resources and introduces additional costs. The benefit for implementing an automated account lockout resolution is significant. Improved management workflow combined with specialized software solution reduces costs, brings security enhancements and ensures compliance. NetWrix Corporation offers the Account Lockout Examiner to address major account lockout challenges, including ones described in this white paper. Please visit www.netwrix.com to learn how this product can meet requirements of your organization and request your free evaluation. 8 of 10
  • 11. The Business Case for Account Lockout Management ABOUT NETWRIX Corporation Established in 2006, NetWrix Corporation provides innovative and cost-effective solutions that simplify and automate systems management and compliance. With in-depth knowledge and experience in managing IT environments of all sizes, the company delivers solutions to meet complicated business requirements while fulfilling the highest expectations of IT professionals. NetWrix Corporation is a privately held company headquartered in Paramus, New Jersey. Contacting NetWrix Toll-free Phone: 888.638.9749 Web site: www.netwrix.com Address: 140 E. Ridgewood Ave Suite 415 South Tower Paramus, NJ 07652 Contacting NetWrix Support Technical support is available to customers who have a trial version of a NetWrix product or who have purchased a commercial version and have a valid maintenance contract. Contact NetWrix Support at http://www.netwrix.com/support. 9 of 10
  • 12. White Paper NOTES 10 of 10