Using Syspeace also for internal protection and access reporting.
Most Syspeace users have the software in place to protect them mainly from external threats from the Internet such as hacking attempts via brute-force attacks and dictionary attacks.
Quite often, the internal network ranges are excluded in the local whitelist by sysadmins, thus never blocking anything from those IP addresses or network ranges.
Some of our customers though have also discovered Syspeace to be an excellent tool to keep track of failed internal logins, which might be important to keep track of.
If you’re not keeping track of internal failed login attempts, it might be hard to spot for instance a virus/trojan infected PC on your network that tries to log in to every PC and server that is available or if a user is trying to access servers or assets they’re not supposed to. With Syspeace, the attack is automatically blocked, and reported and the sysadmin is alerted that something’s happening.
There can be downsides to not excluding internal IP ranges since there is a risk of for instance blocking a server from communicating with another, but if you’re vigilant and think these things through, it’s mostly an administrative task to remember that you’ve got Syspeace when you’ve changed an administrators password or whatever.
Creating reports on user logins
Another great feature of Syspeace is the reporting section that enables sysadmins to create reports and statistics about user logins such as when from where and even how often from that location they’ve actually been logged in.
For instance, if a user claims to have been working from home in July, it’s quite easy for a sysadmin to actually verify this using the Access Reports section to create .csv files with statistics.
Now, if the IP address originates from Spain and your company is only in Sweden…
If you’re using a Windows Server-based Cloud Service, for instance, it might be difficult for you to get hold of such information, even if you ask for it.
However, if your cloud Service provider is running Syspeace to protect you and other customers it’s a walk in the park for the provider to get you that information if you need it for some reason.
Syspeace stores failed and successful login in a local database, so even if the Windows security event log is cleared, the information can still be obtained by Syspeace.
Download a free, fully functional trial at / and have your Windows, Citrix, RDS, Sharepoint, Exchange, OWA, RDWEB, SQL servers, and more instantly protected from hacking attempts.
Leave a Reply
Want to join the discussion?Feel free to contribute!