USERLOCK

UserLock reduces the risk of external attacks, internal

security breaches and compliance issues
 WHAT DOES USERLOCK DO ?

CONTROL & PROTECT DETECT & RESPOND AUDIT & REPORT

Set restrictions using the
contextual information around
a user's logon, to help verify
all user's claimed identity, and
authorize, deny or limit
network access.
Real-time monitoring and risk
detection tools immediately
alert on suspicious logon
activity so you and take
action quickly.
A centralized audit on all
network logon events provides
detailed reports to track down
security threats, support
forensics and prove regulatory
compliance.
CONTROL & PROTECT

ORIGIN TIME
Limit access by location with Limit access to specific
controls at workstation, device, IP timeframes and set daily, weekly
CONTEXT-AWARE RESTRICTIONS range, organizational unit (OU), or monthly time quotas,
department, floor and building maximum session times and idle
Working alongside Active Directory to extend its
levels. session time.
security, UserLock can apply customized login
restrictions by user, group or organizational unit (OU).
Any logon attempts that don’t satisfy these conditions
are automatically blocked.

SESSION TYPE SIMULTANEOUS

Control workstation, terminal, Wi- CONNECTIONS
Fi, VPN and IIS sessions to protect
Limit the number of unique entry
both interactive sessions and
points and concurrent sessions to
network access for remote and
prevent simultaneous logins from
mobile users.
a single identity.
DETECT & RESPOND
RESPOND TO SUSPICIOUS ACCESS BEHAVIOR
Real-time monitoring and risk detection tools
immediately alert on suspicious logon activity
so you can take action quickly.
MONITOR & TRACK
UserLock offers real-time visibility and insight into all
users’ logon and logoff activity across an entire Windows
Server Active Directory network. Detect and immediately
respond to suspicious access at a glance.
ALERT & RESPOND
Get real-time alerts on specific connection events and
instantly react to suspicious access behavior. Choose to
also alert end-users on potential compromised or stolen
credentials.
AUDIT & REPORT

AUDIT LOGON EVENTS

A centralized audit on all network logon
events provides detailed reports to track
down security threats, support forensics
and prove regulatory compliance.
WEBHOOK
WEBHOOK NOTIFICATIONS
UserLock allows you to push updates directly to other
applications right when they happen, opening up new
automation possibilities. It allows real-time logon
notifications to be integrated into other applications or
monitoring platforms, and custom workflows can be
built based on specific access events.
Every user connection event - and logon attempt – will
be notified to the webhook URL alongside all user and
machine details associated with the event (IP address,
session type, time, etc.)
Feed granular logon data into your SIEM solution for more accurate analysis.
Feed granular logon data into time and attendance systems to accurately log
employees hours and overtime.
Integrate UserLock with software applications to allow line managers to easily
authorize temporary time extensions for any specific user.
Trigger real time processes such as blocking a user in Active Directory
following a suspicious logon event.
Integrate granular logon data with physical access control systems to better
control employee’s access to doorways or other entrance portals. (I.e. an
attempted access to a building using a compromised badge would be
unsuccessful if the user is currently already logged on at their desktop).
 TO COME

GEOLOCATION MULTIFACTOR
AUTHENTICATION
 INFRASTRUCTURE
UserLock works alongside Active Directory
in a Microsoft Windows Environment

NON-DISTRUPTIVE FAST FAST AGENT ALL

TECHNOLOGY
No modifications are made to
Active Directory or its schema.
UserLock works alongside
Active Directory to extend not
replace its security.
IMPLEMENTATION
Installed on any member server
of the domain, UserLock is
managed from any workstation
or remotely through a web
interface.
DEPLOYMENT
A micro agent is deployed
automatically (or manually) on all
machines. Once installed all access
connections are detected and
saved in the UserLock database.
SESSION TYPES
UserLock offers a variety of
agents according to the types
of session it has to monitor,
workstation, terminal, Wi-Fi &
VPN and IIS.
INFRASTRUCTURE

UserLock is a client server

application capable of auditing
and controlling different types
of user access connections.
HOW USERLOCK WORKS

GENERAL PROCESS DESCRIPTION (1/2)

The user enters their credentials to log on or to

establish a connection to the domain network.
These credentials are verified and validated
against Active Directory. If the authentication
process fails, the connection will be refused
by Windows and UserLock does not
intervene. The agent will however notify the
UserLock server about this logon failure.

Different agents are available depending on the

connection type to be audited and the technology
used to configure these connections. The general
process is the same regardless of the agent type.
HOW USERLOCK WORKS

GENERAL PROCESS DESCRIPTION (2/2)

If the authentication is successful, the

UserLock agent will transmit to the
UserLock server all information about the
context of the connection requested. The
UserLock server will then process and
analyze the data transmitted by the agent to
check access control rules, trigger any alerts,
refresh session information and save the
user connection event in the database. The
server then communicates its decision to
the agent regarding the acceptance or
refusal of the connection requested.
WHY DO YOU NEED USERLOCK?

IMMEDIATELY RESPOND TO LOGON EVENTS

Restrict, report, alert, block

CENTRALIZED LOGON LOGOFF FORENSICS

Powerful 100% accurate reporting

COMPLIANCE STARTS WITH THE LOGON

Stopping inappropriate access ultimately
begins with the logon

DISCOURAGE MALICIOUS AND CARELESS USER BEHAVIOR

Users are more careful when their login is restricted and monitored
WHY DO YOU NEED USERLOCK?

DEFENSE AGAINST COMPROMISED CREDENTIALS

Thanks to contextual access security

MAKE USERS ACCOUNTABLE FOR ANY ACTIVITY

Access is identifiable and assigned to an individual user

BEYOND ACTIVE DIRECTORY CONTROLS

• Restrictions by group and OU
• Initial access point identification
• Concurrent logins control
• Forcing logoff
• Warning and alerts
• Notifications of previous logon
• Temporary controls
ADVANTAGES OF USERLOCK

EASY TO USE
No training is necessary

FAST & SIMPLE TO INSTALL

Ready to use in minutes

NON-DISRUPTIVE TECHNOLOGY
No modification is made to Active Directory

TRANSPARENT FOR THE END USER

UserLock does not impede with productivity
 $

COST/BENEFIT ANALYSIS

How can UserLock help your organisation

reduce costs ?
COST/BENEFIT ANALYSIS (1/4)
AVOID THE COST OF A DATA BREACH
Immediately stop the threat before they
take action
Security should identify the potential threat as early in the
attack process as possible. The earlier detection occurs, the
less damage any threat actor (whether internal or external)
can do. Unlike security solutions that require an attacker to
perform some kind of inappropriate and damaging action,
UserLock acts before any access is achieved and before
damage is done.
The average cost of a data breach per compromised record is
$148* and the mean time to identify a breach is 197 days.
Global Payments and Heartland Payment Systems, both
reportedly spent over $100 million each to contain and
correct data breaches within their organizations.
*2018 Cost of a Data Breach Study from Ponemon Institute
AVOID THE COST OF CHASING FALSE
POSITIVES
Automated access controls help avoid false
positives
The dreaded part of any security solution is the potential for a
storm of alerts that turn out to be false positives. If something
should fall outside of established policies and restrictions,
UserLock automatically takes action before damage is done –
not only when IT intervenes.
Companies now waste an average of 425 hours a week*
responding to false positives.
*The Cost of Insecure Endpoints – Ponemon Institute
COST/BENEFIT ANALYSIS (2/4)
AVOID THE COST TO USER
PRODUCTIVITY
Easy adoption and no additional
security steps for the user
Security should not overwhelm and stifle
productivity. UserLock offers security behind
the scenes, protecting the users and the
environment until the moment the user is truly
conflicting with security protocol. No end-user
training making implementation easy.
REDUCED COST OF LARGE
SCALE DEPLOYMENTS
Scale effortlessly
UserLock integrates seamlessly with the
logon process and is adaptive to existing
Active Directory structure. Controls can be
applied at Active Directory Group levels for
general protection of large user bases and
augmented with individual user rules. A
scalable deployment engine makes
implementation easy and less time
consuming.
BUILD ON YOUR INVESTMENT
IN ACTIVE DIRECTORY
Reduce complexity
With non-disruptive technology that’s simple to
implement and intuitive to use, UserLock works
alongside your existing infrastructure – and
investment in Active Directory. An important
differentiator of UserLock is it requires no
modifications to AD accounts, its structure or its
schema.
COST/BENEFIT ANALYSIS (3/4)
SAVE TIME (AND COST) AUDITING USERS
Centralized auditing and automated reporting
Reduce the time and cost spent monitoring and auditing users’
access by up to 90%*. A comprehensive, centralized and
searchable audit trail makes it easy to perform accurate forensics
or prove regulatory compliance – freeing up time and resources
for other critical tasks.
Webhooks make it possible to feed UserLock’s event data into
an SIEM solution for more accurate analysis and improved
security.
*UserLock Case Study with Pernambuco State Traffic Department
SAVE TIME (AND COST) IN MANAGING
USERS & RESOURCES
Remote session management
Rather than investing in another tool, UserLock administrators
can interact remotely with any session to lock the console, log off
the user or even block them from further logons. This further
protects the network, optimizes shared resources, and improves
network performance and the associated financial costs. It also
saves administrators valuable time when managing a large number
of users.
COST/BENEFIT ANALYSIS (4/4)

PROTECT THE ORGANIZATION FROM COST EFFECTIVE!

COMPLIANCE FINES
Address compliance with industry
regulations
Many regulations (SOX, GLBA, PCI DSS…) ask organizations to
ensure access to the network is identifiable, audited and
attributed to an individual user. With UserLock, adherence to
these regulations helps build trust with customers and protects
the organization from compliance fines.
Accurate, effective and proven security
If you agree with the ‘when’ not ‘if‘ premise, then you already
know your security requires more investment. Security doesn’t
have to come at a high cost – but it does have to be effective in
relation to its cost. UserLock maximizes your chances of
stopping a threat before it starts.

For example, fines for noncompliance with PCI can reach up to

$100,000 per month*.
*PCI ComplianceGuide.org
After analyzing several other options,
we found UserLock gave us the most
accurate visibility on all user’s logon
and logoff activity. In addition, its ability
to easily enforce logon restrictions
allows us to not only detect and react
to abnormal logon activity but prevent
the inappropriate use of credentials.

Wilde Ho
IT Manager at Angliss
LEARN MORE ABOUT USERLOCK