It’s vital to note that login irregularities and failures are both excellent indicators of compromise. A quick analysis into the failed login patterns can help you:

Gauge the effectiveness of password management policies A very high count in login failures might be an indication that the password hygiene policies are just too stringent and ambitious. Monitoring failed login attempts helps organizations gauge and refine AD password management policies to prevent needless account lockouts without compromising their network security.

Find careless employees who frequently forget their passwords Track login attempts to find employees who are negligent in managing their passwords and put your whole organization at risk. Conduct regular security awareness training sessions to educate and caution your users about the consequences of violating the organization’s password policies and reset procedures.

Account lockouts are one of the most frustrating tasks for a help desk technician or admin. From the hours spent figuring out the source of the lockout to finally resolving it, admins and help desk technicians know firsthand what a waste of time and energy they can be. Sometimes, the business impact of accounts lockouts is severe enough to cost not only time and money, but reputation as well.

Continuous lockouts followed by a successful logon could indicate a successful attempt at hacking the user’s account. Simply resolving the lockout would not suffice in this case; other anomalous activities by the same user need to be analyzed to identify patterns that are telltale signs of a breach. For example, an account lockout followed by a successful logon, followed by a large volume of file deletions.

Account lockouts aren’t just an administrative problem any more. They need to be skilfully analyzed to uncover a potential threat to the organization’s network. Here’s a checklist of possible causes to account lockouts that need to be considered when performing an analysis: