About User Identity

User identity information can help you to identify the source of policy breaches, attacks, or network vulnerabilities, and trace them to specific users. For example, you could determine:

  • Who owns the host targeted by an intrusion event that has a Vulnerable (level 1: red) impact level.

  • Who initiated an internal attack or portscan.

  • Who is attempting unauthorized access to a specified host.

  • Who is consuming an unreasonable amount of bandwidth.

  • Who has not applied critical operating system updates.

  • Who is using instant messaging software or peer-to-peer file-sharing applications in violation of company policy.

  • Who is associated with each indication of compromise on your network.

Armed with this information, you can use other features of the system to mitigate risk, perform access control, and take action to protect others from disruption. These capabilities also significantly improve audit controls and enhance regulatory compliance.

After you configure user identity sources to gather user data, you can use that data for user awareness and user control.

For more information about identity sources, see About User Identity Sources.