Overview
Overseas Successful Login
The overseas successful login alert is triggered when a login is completed from a country outside the set home tenancy, or outside of the other allowed countries.
For a Successful Login
Protect user accounts
Detect suspicious behaviour
Lower time to intrusion detection
Monitor logs for integrity
Provide additional assurance
Impact
Real world impact
Problem Faced
Elizabeth is located in Australia, and normally works from the office or home. Elizabeth’s logins will normally be showing as from Australia. If Elizabeths’ account is showing as logged in from a different country – say the USA, then it may be an early sign that the account username and password has been compromised. If Elizabeth isn’t travelling, then in this situation we would advise an immediate password reset, and further investigation into the source of the login, and any other damage done.
Solution
It is critical that successful overseas logins are identified and verified as legitimate (or fraudulent) as a matter of priority. If it is a fraudulent login, then immediate action is required – the longer it is left, the more damage that could be done. The more data that could be stolen, the more staff, clients, and end-users that could be impacted. This is not a situation that you want to find out about weeks, months, or even years later.
Prevention
What are the main questions you should consider when working out how to manage this risk?
- Do you have a system or solution in place to detect overseas logins?
- If there was an overseas login from one of your users today, would you find out?
- How long do you think it would take to find out that one of your user accounts was logged in from an overseas location?
- Have you ever checked your system for overseas logins?
- What would the impact be on your organisation if a user account was compromised for an extended period of time without detection?
Problem Faced
Elizabeth is located in Australia, and normally works from the office or home. Elizabeth’s logins will normally be showing as from Australia. If Elizabeths’ account is showing as logged in from a different country – say the USA, then it may be an early sign that the account username and password has been compromised. If Elizabeth isn’t travelling, then in this situation we would advise an immediate password reset, and further investigation into the source of the login, and any other damage done.
Solution
It is critical that successful overseas logins are identified and verified as legitimate (or fraudulent) as a matter of priority. If it is a fraudulent login, then immediate action is required – the longer it is left, the more damage that could be done. The more data that could be stolen, the more staff, clients, and end-users that could be impacted. This is not a situation that you want to find out about weeks, months, or even years later.
Prevention
What are the main questions you should consider when working out how to manage this risk?
- Do you have a system or solution in place to detect overseas logins?
- If there was an overseas login from one of your users today, would you find out?
- How long do you think it would take to find out that one of your user accounts was logged in from an overseas location?
- Have you ever checked your system for overseas logins?
- What would the impact be on your organisation if a user account was compromised for an extended period of time without detection?
More
Blog
CatchBefore it is too late!
Your data is actively being targeted. Safeguard your information with proactive measures.