Russell, chief security officer for a renowned enterprise, is an EventLog Analyzer customer. Recently we had a quick review of his EventLog Analyzer deployment. One of the requirements where the product shines is the ‘User based activity’ reports in EventLog Analyzer.
User activity reports let an enterprise check the various security-related transactions performed by users in its IT network. These reports enable the IT manager to carry out a PUMA (Privileged User Monitoring and Auditing) audit on privileged users with various rights, and to see the end results of their transactions.
Before deploying EventLog Analyzer, Russell was worried because his administrators were responsible for quite a number of failed logons.
“An administrator’s one failed log-on event on one server is acceptable, but one failed log-on event on a couple of servers at the same time by a privileged user is an ‘anomaly’, and you need top-priority attention to nail down this user.”
User Activity reports, or Privileged User Monitoring & Auditing, in EventLog Analyzer were designed with this scenario in mind. The combination of host-wise user activity and user-wise host activity, along with notification profiles, let him easily track the source of such transactions.
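The correlation described above, written out as an added example (this is not EventLog Analyzer code or configuration): it flags a privileged user whose failed logons hit a couple of servers within a short window and builds the host-wise view alongside. The log format, account names, privileged list and 60-second window are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): timestamp, host, outcome, user.
SAMPLE_LOG = """\
2024-05-01T09:00:05 srv-file01 LOGON_FAILURE user=adm.kate
2024-05-01T09:00:20 srv-db01 LOGON_FAILURE user=adm.kate
2024-05-01T09:00:41 srv-web01 LOGON_FAILURE user=adm.kate
2024-05-01T09:02:00 srv-file01 LOGON_FAILURE user=adm.raj
2024-05-01T09:30:00 srv-db01 LOGON_FAILURE user=adm.raj
2024-05-01T09:31:00 srv-db01 LOGON_FAILURE user=jsmith
2024-05-01T09:31:10 srv-web01 LOGON_FAILURE user=jsmith
2024-05-01T09:31:15 srv-web01 LOGON_SUCCESS user=adm.kate
"""

PRIVILEGED = {"adm.kate", "adm.raj"}   # assumed list of privileged accounts
WINDOW = timedelta(seconds=60)         # assumed meaning of "at the same time"
MIN_HOSTS = 2                          # "a couple of servers"

def parse(line):
    ts, host, outcome, user = line.split()
    return datetime.fromisoformat(ts), host, outcome, user.split("=", 1)[1]

def find_anomalies(log_text):
    """User-wise host activity: privileged users whose failed logons touch
    MIN_HOSTS or more distinct hosts within WINDOW, mapped to those hosts."""
    recent = defaultdict(deque)        # user -> (ts, host) failures in window
    flagged = defaultdict(set)
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, host, outcome, user in events:
        if outcome != "LOGON_FAILURE" or user not in PRIVILEGED:
            continue
        win = recent[user]
        win.append((ts, host))
        while ts - win[0][0] > WINDOW:  # drop failures older than the window
            win.popleft()
        hosts = {h for _, h in win}
        if len(hosts) >= MIN_HOSTS:
            flagged[user] |= hosts
    return {u: sorted(h) for u, h in flagged.items()}

def host_view(log_text):
    """Host-wise user activity: host -> users with failed logons there."""
    view = defaultdict(set)
    for _, host, outcome, user in map(parse, filter(str.strip, log_text.splitlines())):
        if outcome == "LOGON_FAILURE":
            view[host].add(user)
    return {h: sorted(u) for h, u in view.items()}

if __name__ == "__main__":
    print(find_anomalies(SAMPLE_LOG))
```

In the sample, `adm.raj` fails on two servers but 28 minutes apart, so only `adm.kate` is flagged; `jsmith` is ignored because the account is not in the privileged list.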
Now he can log off peacefully at the end of the day, as he has the answer to his valid question on internal security.
“Quis custodiet ipsos custodes?” (Who will guard the guards themselves?)