{"id":6142,"date":"2018-04-24T16:53:25","date_gmt":"2018-04-24T21:53:25","guid":{"rendered":"http:\/\/allidm.com\/blog\/?p=6142"},"modified":"2018-04-24T16:53:25","modified_gmt":"2018-04-24T21:53:25","slug":"webinar-identifying-abnormal-authentication-associating-users-with-workstations-and-detecting-when-users-try-to-logon-to-someone-elses-workstation","status":"publish","type":"post","link":"https:\/\/allidm.com\/blog\/webinar-identifying-abnormal-authentication-associating-users-with-workstations-and-detecting-when-users-try-to-logon-to-someone-elses-workstation\/","title":{"rendered":"Webinar &#8211; Identifying Abnormal Authentication: Associating Users with Workstations and Detecting When Users (Try to) Logon to Someone Else\u2019s Workstation"},"content":{"rendered":"<h2>Webinar &#8211; Identifying Abnormal Authentication: Associating Users with Workstations and Detecting When Users (Try to) Logon to Someone Else\u2019s Workstation <\/h2>\n<p>How do you determine when a nosy or potentially malicious insider tries to logon to another user\u2019s workstation with their own account, or to their own computer with a colleague\u2019s password? How do you detect password sharing?<\/p>\n<p>The first hurdle is knowing which account each workstation belongs to \u2013 a time consuming affair at a large organization. If you have an accurate and up-to-date asset management system that has this information &#8212; and if you can regularly import it into your SIEM &#8212; that\u2019s a strong first step. But most organizations I work with really struggle on this score.<br \/>\nIn most cases, it\u2019s more practical to automatically associate users and computer based on logon history. But you have to take into account turnover both in users and computers. A static baseline will only produce increasing false positives until it becomes useless.<\/p>\n<p>Read more at &#8211; <a href=\"https:\/\/www.ultimatewindowssecurity.com\/webinars\/register.aspx?id=1503\" rel=\"noopener\" target=\"_blank\">Webinar &#8211; Identifying Abnormal Authentication: Associating Users with Workstations and Detecting When Users (Try to) Logon to Someone Else\u2019s Workstation <\/a><\/p>\n<p><a href=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2018\/02\/Identity_and_Access_Management_Post.png\"><img data-recalc-dims=\"1\" decoding=\"async\" data-attachment-id=\"6019\" data-permalink=\"https:\/\/allidm.com\/blog\/establishing-trust-with-identity-governance-intelligence\/identity_and_access_management_post\/#main\" data-orig-file=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2018\/02\/Identity_and_Access_Management_Post.png?fit=141%2C124&amp;ssl=1\" data-orig-size=\"141,124\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Identity_and_Access_Management_Post\" data-image-description=\"&lt;p&gt;AllIDM Identity and Access Management , Cloud Management&lt;\/p&gt;\n\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2018\/02\/Identity_and_Access_Management_Post.png?fit=141%2C124&amp;ssl=1\" loading=\"lazy\" src=\"https:\/\/i0.wp.com\/allidm.com\/blog\/wp-content\/uploads\/2018\/02\/Identity_and_Access_Management_Post.png?resize=141%2C124\" alt=\"\" width=\"141\" height=\"124\" class=\"alignnone size-full wp-image-6019\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Webinar &#8211; Identifying Abnormal Authentication: Associating Users with Workstations and Detecting When Users (Try to) Logon to Someone Else\u2019s Workstation How do you determine when a nosy or potentially malicious insider tries to logon to another user\u2019s workstation with their own account, or to their own computer with a colleague\u2019s password? How do you detect [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[210,109,88],"tags":[57,491],"class_list":["post-6142","post","type-post","status-publish","format-standard","hentry","category-cloud-2","category-directory","category-identity-space","tag-authentication","tag-iam-webinar"],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p25vfy-1B4","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/comments?post=6142"}],"version-history":[{"count":1,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6142\/revisions"}],"predecessor-version":[{"id":6143,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/posts\/6142\/revisions\/6143"}],"wp:attachment":[{"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/media?parent=6142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/categories?post=6142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/allidm.com\/blog\/wp-json\/wp\/v2\/tags?post=6142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}