We proposed to deliver an analytics solution for detecting suspicious user activity in internal information systems. Our aim was to provide a user-friendly application that helps users monitor and analyse suspicious behaviour on a regular basis and helps prevent information security threats.
The solution was built on ADWnow! (www.adwnow.cz), a platform for creating and delivering a data warehouse as a service. The platform loads application logs, and the data analytics solution then provides a set of reports and dashboards to end users.
Because data is loaded into the solution daily, it supports many more use cases, and the analysis of suspicious end-user behaviour can be systematic.
Scope of delivery:
- overview dashboard
- unsuccessful login
- new user accounts
- requests for password resets
- usage of invalid activation code
- unauthorized access attempts
- application errors
- login at non-standard time
- login from outdated web browser
- login from unusual IP address
- unauthorized access from mobile device