Identifying Abnormal Authentication

Associating Users with Workstations and Detecting Inappropriate Logons

How do you determine when a nosy or potentially malicious insider tries to log on to another user’s workstation with their own account? What’s the best way to find a malicious user who attempts to log on to his or her own computer using a colleague’s password? How do you detect password sharing?

In this on-demand webinar, LogRhythm’s Marcos Schejtman teams up with Ultimate Windows Security’s Randy Franklin Smith to help you understand how to associate users with workstations and detect anomalous logon events.

You’ll learn how to utilize information available in the Active Directory and how you can use a simple pattern match by consistently following a naming convention that distinguishes servers and workstations. Additionally, you’ll gain a greater understanding about solutions that reduce the mean time to detect (MTTD) static and interactive abnormal authentications in multiple ways.

In this webinar, you’ll see subsets of LogRhythm’s User and Entity Behavior Analytics (UEBA) capabilities in action with two use cases:

  • How to use a static method to recognize user activity within an organization
  • How a trend behavioral method recognizes user login activity and compare it against the actual activity

Watch the on-demand webinar now to learn how to effectively spot abnormal user behavior and logon attempts.