FortiSOAR Discussions
Anonymous

FortiSOAR™'s Rapid Response to Concurrent Logins

FortiSOAR™ excels in addressing Concurrent Logins, a scenario where attackers attempt simultaneous access from different locations. Imagine a scenario where a user's credentials are compromised, leading to Concurrent Logins detected from multiple global locations. This situation demands immediate action to prevent unauthorized access, data breaches, and potential damage. Here is how FortiSOAR's automated playbooks come into action:

  1. Geographic Location Identification:
    • FortiSOAR™ automatically pinpoints the geographic origin of the concurrent logins, flagging potential threats from unexpected regions.
  2. Blocking Malicious Source IP Addresses:
    • Integration with Fortinet FortiGate firewalls allows instant blocking of malicious source IP addresses, preventing further unauthorized access attempts.
  3. User Profiling from Active Directory:
    • Leveraging Microsoft's Active Directory, the playbook extracts user details, aiding in swift identification and response to potential insider threats.
  4. Behavior Analysis - Last 4 Hours:
    • Examining the user's login history over the last four hours provides context, helping security teams distinguish normal activity from suspicious behavior.
  5. Temporary User Disablement:
    • With IT team approval, the playbook temporarily disables the compromised user account, containing the threat and allowing for a thorough investigation.
  6. Password Reset on Subsequent Attempts:
    • If the user attempts to log in again, FortiSOAR™ automatically resets their password, thwarting further unauthorized access attempts.

FortiSOAR™ proves its mettle by providing a rapid and automated response.
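As an added illustration (not FortiSOAR's own playbook code), here is the detection logic behind steps 1, 2 and 4: given GeoIP-enriched login events, flag consecutive logins by the same user within the last four hours whose implied travel speed is physically impossible, and collect the source IPs that step 2 would hand to FortiGate. The login events, coordinates, speed threshold and the reference clock NOW are constructed assumptions.

```python
import math
from datetime import datetime, timedelta

# Constructed sample login events (not from the page). In a real playbook the
# lat/lon would come from a GeoIP enrichment step; here they are embedded so
# the script runs offline. IPs are from documentation ranges.
LOGINS = [
    {"user": "alice", "ts": "2024-05-01T08:00:00", "ip": "203.0.113.10", "lat": 51.50, "lon": -0.12},   # London
    {"user": "alice", "ts": "2024-05-01T08:20:00", "ip": "198.51.100.7", "lat": 35.68, "lon": 139.69},  # Tokyo
    {"user": "bob",   "ts": "2024-05-01T07:00:00", "ip": "192.0.2.5",    "lat": 40.71, "lon": -74.00},  # New York
    {"user": "bob",   "ts": "2024-05-01T09:30:00", "ip": "192.0.2.9",    "lat": 42.36, "lon": -71.06},  # Boston
]
NOW = datetime(2024, 5, 1, 10, 0, 0)  # assumed "current time" for the sample

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points (mean Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371.0 * math.atan2(math.sqrt(a), math.sqrt(1 - a))

def impossible_travel(events, user, now, window=timedelta(hours=4),
                      max_kmh=1000.0, min_km=50.0):
    """Return (earlier_ip, later_ip, km, hours) for each consecutive login pair of
    `user` inside `window` whose implied speed exceeds `max_kmh` (airliner-ish).
    Logins at the same instant from places more than `min_km` apart are truly
    concurrent and are flagged as well (the implied speed is infinite)."""
    recent = sorted(
        (dict(e, t=datetime.fromisoformat(e["ts"])) for e in events
         if e["user"] == user
         and timedelta(0) <= now - datetime.fromisoformat(e["ts"]) <= window),
        key=lambda e: e["t"])
    flagged = []
    for a, b in zip(recent, recent[1:]):
        km = haversine_km(a["lat"], a["lon"], b["lat"], b["lon"])
        hours = (b["t"] - a["t"]).total_seconds() / 3600.0
        if km < min_km:  # same city or same egress point: never impossible
            continue
        if hours == 0 or km / hours > max_kmh:
            flagged.append((a["ip"], b["ip"], round(km), round(hours, 2)))
    return flagged

def block_list(events, user, now):
    """Source IPs of the later login in each flagged pair: the candidates a
    playbook would push to the firewall (step 2) before seeking approval to
    disable the account (step 5)."""
    return sorted({later for _, later, _, _ in impossible_travel(events, user, now)})

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, impossible_travel(LOGINS, user, NOW), block_list(LOGINS, user, NOW))
```

Running it flags alice's London-to-Tokyo pair (roughly 9,500 km in 20 minutes) and leaves bob's New York-to-Boston pair alone, since 300 km in 2.5 hours is ordinary travel.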
Reference: https://fortisoar.contenthub.fortinet.com//detail.html?entity=impossibleTravellerThreatResponse&vers...
