1. Field of the Invention
The present disclosure relates generally to computer system security and, more specifically, to a system and method for monitoring authentication attempts.
2. Description of the Related Art
Remote users are typically allowed to access a local area network (LAN) via a virtual private network (VPN) service. To access the LAN, a remote user typically authenticates with the VPN service by providing a unique user name and password combination. Once authenticated, the user is able to access the LAN as if the user was local to the LAN. More specifically, a user who accesses the LAN via the VPN service has authority to view and modify assets within the LAN, such as documents and emails, as if the user was local to the LAN.
Typically, every authentication attempt made by a user to access the LAN is logged. Auditors are then able to view the authentication logs to identify and address suspicious authentication activity. However, such auditing does not occur in real-time. Therefore, suspicious activity may not be addressed in time resulting in a security compromise of the LAN. Further, activity that may appear to be suspicious to an auditor is often legitimate activity on behalf of the users attempting to access the LAN. However, because the authentication logs do not indicate any context related to the authentication attempts, an auditor is required to investigate each authentication attempt that appears to be suspicious. Such investigations are time consuming and may distract the auditors from investigating suspicious activity that is truly malicious in nature.
As the foregoing illustrates, what is needed in the art is a more robust and efficient mechanism for tracking and monitoring login attempts into a secure environment.