Abnormal Access Protection

Virtually all secure systems require Abnormal Access Protection, as secure systems rely on resources being accessed by properly authenticated staff with the appropriate level of permission. When attempts are made to compromise an account, it is vital to know what normal user behaviour looks like in order to identify anomalies. This identification allows the system to take immediate action to neutralise threats.

Most of these serious attacks start when an account on the system is compromised, with the attacker then waiting for the right moment to breach your data. The effects can be devastating - particularly if access is gained through a privileged system administrator account. By implementing our Managed Security Service, your system’s activity will be monitored with any abnormal and suspicious activity being flagged immediately.

Key Features:

• Monitor Normal Account Usage

  This creates a record of normal account usage and user behaviour that allows anomalies to be proactively identified. This is done by showing the systems and resources that an account normally accesses and recording when it accesses them.

• Create Account Usage Baseline

  Creates a comprehensive database of account usage, including information on login time, login source and resources access, to ensure everything is recorded in an easily manageable format.

• Monitor Source of Login

  Abnormal access protection also records the source of each login to create a cohesive view of what behaviour is normal for that account.

• Monitor Failed Authentication Attempts

  It also monitors failed attempts at authentication, as repeated failures may indicate that an attack is in progress.

What is Abnormal Access Protection?

Abnormal Access Protection prevents unauthorised access to your system whereby attackers can then access your resources, systems and data. Having this protection in place is essential as it maintains the integrity of your infrastructure and allows you to have full-access security control, monitor user activity and easily detect any suspicious behaviour that may indicate an attack is underway.

By having user access control and the ability to monitor key systems to identify abnormal behaviour, you can proactively prevent attacks before they take place. Without this measure, attackers could access your system via a user account - or worse, an administrator account - and wait for the perfect opportunity to stage a breach. Our Managed Security Service provides the most comprehensive authentication monitoring available, giving your system the protection it needs.

How do you monitor abnormal access to your user’s accounts?

To monitor and identify abnormal user behaviours in your system, you must first identify what normal behaviour looks like. This allows the security system to distinguish between the two - taking normal as the baseline - and then flag any anomalies or suspicious activity which may be indicative of an attack.

What are the benefits of having Abnormal Access Protection from iomart?

At iomart, we provide comprehensive Abnormal Access Protection which will protect your system from being compromised. This is done by using normal user behaviour as a baseline in order to identify abnormal behaviour and restrict access to suspicious users. This efficient and reactive security measure is crucial to prevent vulnerable systems being exploited by attackers via a compromised user or administrator account. Without this system in place, IT teams may struggle to identify abnormal behaviour and therefore fail to prevent a costly breach from taking place.

What is access control?

Access control refers to when you authorise and authenticate user access to your system, allowing you to control the information each user sees and uses. This ensures that no unauthorised users can access confidential data or systems that require high levels of protection. Ultimately, access controls are one of the first processes that are investigated for faults after a data breach.

Access control consists of two main components: authentication and authorisation. The former is a technique that is used to verify that the user trying to access the system is who they say they are, while the latter determines whether the user should be granted access to the data that they are attempting to see. Both processes work in conjunction and need to be fully operational for access control to work effectively.

Types of access control

There are a few different types of access control models to be aware of. Which you opt for depends on which is best for your business requirements, based on the type, amount and sensitivity of the data you need to protect. These types of access control include:

• Discretionary Access Control (DAC)

  This is when the data owner decides on and manually grants levels of access to the data. This is best for smaller organisations with an easily-manageable team of users.

• Mandatory Access Control (MAC)

  This is when people are granted access based on information clearance from a central authority.

• Role-Based Access Control (RBAC)

  As the name suggests, users are assigned a role and given access levels based on just that. This ensures only appropriate users are able to view relevant data points.

• Attribute-Based Access Control (ABAC)

  This method involves assigning each user a series of attributes (such as time of day or location) to determine their resource access. This is based on the systems’ ‘normal’ user access behaviour.