In my previous post I gave you an example of how logon events could become a cornerstone of a real-life security investigation. It turns out that tracking down employee-hired outsourcers breaking into your network is not the only way this “attribute of every hacker movie” can save organizations a lot of money. Ever thought about how logon events could play a vital role in class action lawsuits? Read on.
The second story is no less interesting. A major telecom provider was featured in a case involving its call center employees, who felt frustrated with unachievable performance objectives and, of course, underpaid. According to those who filed the class action suit, they had to work off the clock to take care of their email and other preparatory tasks before they logged on to the system to answer calls. Apparently, the company had been employing some kind of time tracking system that compared the employee's logon time at the beginning of the day with the time they logged off before leaving for the day. Why did this turn out not to be enough?
Well, first of all, this is not solely a technology issue. It might start with the way employees approach their job responsibilities, plan their day and even receive instructions from management. I am not going to dive into this aspect of the problem.
What I would find interesting is how this time tracking system accounts for things that happen in between those two official markers of the day: logon and logoff. What happens when employees finish their calls and take time to check email on their smartphones? What happens when they leave for lunch? What happens when they forget to log off before they leave their workplace for the day? It is no longer only about logons and logoffs but rather about counting “periods of user activity” when employees are actively interfacing with the business application.
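One way to count such “periods of user activity” from raw events, as an added example (not code from the original post or from any product). It assumes Windows event IDs 4624, 4634, 4647, 4800 to 4803 and System event 1074, none of which the post names, and runs on constructed sample events for a hypothetical user.

```python
from datetime import datetime, timedelta

# Windows event IDs (an assumption of this example; the post names none).
LOGON = 4624                      # pre-filtered to interactive logon types
RESUME = {4801, 4803}             # workstation unlocked, screensaver dismissed
PAUSE = {4634, 4647, 4800, 4802}  # logoff, user logoff, locked, screensaver on
SHUTDOWN = 1074                   # System log: shutdown or restart initiated

def active_time(events):
    """events: (timestamp, user, event_id) tuples from one workstation.
    Returns (active time per user, intervals that were never closed)."""
    totals, unclosed, open_since = {}, [], {}

    def close(user, end):
        start = open_since.pop(user, None)
        if start is not None:
            totals[user] = totals.get(user, timedelta()) + (end - start)

    for ts, user, eid in sorted(events):
        if eid == SHUTDOWN:
            for u in list(open_since):       # shutdown ends every open session
                close(u, ts)
        elif eid == LOGON:
            if user in open_since:           # previous session never ended:
                unclosed.append((user, open_since.pop(user)))  # flag, don't count
            open_since[user] = ts
        elif eid in RESUME:
            open_since.setdefault(user, ts)  # ignore duplicate resume events
        elif eid in PAUSE:
            close(user, ts)                  # no-op if already paused
    unclosed.extend(open_since.items())      # still open when the data ends
    return totals, unclosed

def t(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample events for a hypothetical user "alice".
SAMPLE = [
    (t("2024-03-04 08:55"), "alice", 4624),   # logs on
    (t("2024-03-04 12:00"), "alice", 4800),   # locks for lunch
    (t("2024-03-04 12:45"), "alice", 4801),   # back from lunch
    (t("2024-03-04 15:00"), "alice", 4802),   # screensaver: idle
    (t("2024-03-04 15:10"), "alice", 4803),
    (t("2024-03-04 17:30"), "alice", 4647),   # logs off
    (t("2024-03-05 09:00"), "alice", 4624),   # leaves without logging off
    (t("2024-03-06 09:05"), "alice", 4624),   # next logon after a crash
    (t("2024-03-06 13:00"), "SYSTEM", 1074),  # shutdown closes her session
]
```

Events 4800 to 4803 are only written when the “Audit Other Logon/Logoff Events” subcategory is enabled, so without it lunch breaks and idle time are invisible to this calculation.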
As you can see, logon events can prove very useful in situations you never expect up front. Usually, you have to have a technology in place that removes the pain of managing these events from thousands of systems and makes sure that you can get meaningful insight into this data when the time comes.
Need references? Check out Dell InTrust, which recently received exciting new features including “superior user logon tracking”. It is superior because it tracks a lot more than native logon and logoff events can. Not only does it capture the exact duration of each user logon session and factor in events like workstation lock, accidental system shutdown and screensaver activity, but it also lets you build daily and weekly reports showing the total time users were found actively logged on to their desktops.
With this patent-pending InTrust technology in place, every user check-in and check-out at her desktop is accounted for. By capturing critical user activity data and storing it in a tamper-proof archive, you gain critical evidence admissible in a court of law.
This post was originally published here.