Reducing Failed Logons and Password Resets: Best Practices for Security Analysts

Effective Strategies to Minimize Failed Logons and Password Resets

Question

An organization has several systems that require specific logons.

Over the past few months, the security analyst has noticed numerous failed logon attempts followed by password resets.

Which of the following should the analyst do to reduce the occurrence of legitimate failed logons and password resets?

Answers

Explanations


A.

The security analyst has observed a pattern of failed logon attempts followed by password resets in several systems of an organization. To reduce the occurrence of legitimate failed logons and password resets, the analyst has four options:

A. Use SSO across all applications: Single sign-on (SSO) allows users to log in once and access multiple systems and applications without having to provide their credentials repeatedly. By implementing SSO, the organization can reduce the number of failed logon attempts and password resets caused by user error. However, SSO also introduces a single point of failure, making it easier for attackers to gain access to multiple systems if the SSO mechanism is compromised.

B. Perform a manual privilege review: A manual privilege review involves examining the access rights and permissions of users and determining whether they are necessary for their roles and responsibilities. This process can help identify and remove unnecessary access rights, reducing the likelihood of unauthorized access attempts and legitimate failed logon attempts. However, this process can be time-consuming and error-prone if performed manually.

C. Adjust the current monitoring and logging rules: By adjusting the monitoring and logging rules, the security analyst can identify patterns and anomalies in the logon attempts and take proactive measures to prevent failed logon attempts and password resets. For example, the organization can configure the system to lock out users after a certain number of failed attempts or monitor for suspicious activity patterns that indicate a potential breach. However, adjusting monitoring and logging rules can increase the workload for security analysts and generate false positives if not configured correctly.

D. Implement multifactor authentication: Multifactor authentication (MFA) requires users to provide more than one form of authentication, such as a password and a one-time code sent to their mobile device. This process can significantly reduce the risk of unauthorized access and failed logon attempts, as it requires attackers to have both the user's password and access to their mobile device. However, implementing MFA can increase the user's workload and may be difficult to implement for legacy systems.

In conclusion, all of the above options can be effective in reducing the occurrence of legitimate failed logons and password resets. The best option for the organization depends on its specific needs and circumstances. SSO is a good option if the organization needs to reduce user error, but it also introduces a single point of failure. A manual privilege review is effective in identifying and removing unnecessary access rights, but it can be time-consuming and error-prone. Adjusting the monitoring and logging rules can help identify patterns and anomalies, but it can increase the workload for security analysts and generate false positives. Implementing MFA is effective in reducing the risk of unauthorized access, but it can increase the user's workload and may be difficult to implement for legacy systems.
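The pattern from the question, failed logons followed by a password reset, can be measured before choosing a control. The following is an added example, not part of the original page: it correlates the two events per user and system and lists users who hit the pattern on more than one system, the case the SSO option addresses. The log format, event names, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the page): time, system, user, event.
SAMPLE_LOG = """\
2024-03-04T08:01:10 hr-portal alice LOGON_FAILED
2024-03-04T08:01:41 hr-portal alice LOGON_FAILED
2024-03-04T08:06:02 hr-portal alice PASSWORD_RESET
2024-03-04T09:15:00 erp alice LOGON_FAILED
2024-03-04T09:15:20 erp alice LOGON_FAILED
2024-03-04T09:21:45 erp alice PASSWORD_RESET
2024-03-04T10:00:00 erp bob LOGON_FAILED
2024-03-04T10:00:30 erp bob LOGON_OK
2024-03-05T11:00:00 crm carol PASSWORD_RESET
2024-03-06T14:00:00 crm dave LOGON_FAILED
2024-03-06T14:00:09 crm dave LOGON_FAILED
2024-03-06T16:30:00 crm dave PASSWORD_RESET
"""

def parse(log_text):
    """Yield (timestamp, system, user, event); skip lines that are not 4 fields."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield (datetime.fromisoformat(parts[0]), *parts[1:])

def fail_then_reset(events, min_failures=2, window=timedelta(minutes=30)):
    """Return {user: set of systems} where a password reset was preceded by
    at least min_failures failed logons on that system within `window`."""
    recent = defaultdict(list)  # (user, system) -> failure times in the current streak
    hits = defaultdict(set)
    for ts, system, user, event in sorted(events):
        key = (user, system)
        if event == "LOGON_FAILED":
            recent[key].append(ts)
        elif event == "LOGON_OK":
            recent[key].clear()  # user got in, so the streak is over
        elif event == "PASSWORD_RESET":
            fails = [t for t in recent[key] if ts - t <= window]
            if len(fails) >= min_failures:
                hits[user].add(system)
            recent[key].clear()
    return dict(hits)

def sso_candidates(hits, min_systems=2):
    """Users with the pattern on several systems: per-system credentials are the likely cause."""
    return sorted(u for u, systems in hits.items() if len(systems) >= min_systems)
```

Resets with no preceding failures (carol) and resets long after the last failure (dave) are left out, so the count reflects the failed-logon-then-reset sequence rather than all resets.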