User identity

User identity is a security feature that

  • identifies the source of policy breaches, attacks, or network vulnerabilities and traces them to specific users,

  • enables risk mitigation, access control, and protective actions to prevent disruption to others, and

  • significantly improves audit controls and enhances regulatory compliance.

User identity capabilities

User identity information can help you determine:

  • Who owns the host targeted by an intrusion event that has a Vulnerable (level 1: red) impact level.

  • Who initiated an internal attack or portscan.

  • Who is attempting unauthorized access to a specified host.

  • Who is consuming an unreasonable amount of bandwidth.

  • Who has not applied critical operating system updates.

  • Who is using instant messaging software or peer-to-peer file-sharing applications in violation of company policy.

  • Who is associated with each indication of compromise on your network.

Armed with this information, you can use other features of the system to mitigate risk, perform access control, and take action to protect others from disruption. These capabilities also significantly improve audit controls and enhance regulatory compliance.
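The following added example (not part of the product or its documentation) shows the kind of correlation behind the first two questions above: attributing an event to whoever held an IP address at the time of the event. The record layouts, names, sample data, and the impact value 3 are constructed assumptions; only impact level 1 (Vulnerable) comes from this page.

```python
from datetime import datetime
from typing import NamedTuple, Optional

class Session(NamedTuple):       # constructed identity-source record (assumed layout)
    ip: str
    user: str
    start: datetime
    end: Optional[datetime]      # None means the session is still active

class Event(NamedTuple):         # constructed intrusion event (assumed layout)
    time: datetime
    src_ip: str
    dst_ip: str
    impact: int                  # 1 = Vulnerable (red); other values are placeholders
    kind: str

def ts(text):
    return datetime.fromisoformat(text)

# Constructed sample data: 10.0.0.5 changes hands between alice and bob.
SESSIONS = [
    Session("10.0.0.5", "alice", ts("2024-01-10T08:00:00"), ts("2024-01-10T12:00:00")),
    Session("10.0.0.5", "bob", ts("2024-01-10T13:00:00"), None),
    Session("10.0.0.9", "carol", ts("2024-01-10T09:00:00"), None),
]
EVENTS = [
    Event(ts("2024-01-10T10:30:00"), "203.0.113.7", "10.0.0.5", 1, "exploit"),
    Event(ts("2024-01-10T14:00:00"), "10.0.0.5", "10.0.0.9", 3, "portscan"),
    Event(ts("2024-01-10T12:30:00"), "10.0.0.5", "10.0.0.9", 3, "portscan"),
]

def user_at(ip, when, sessions=SESSIONS):
    """Return the user whose session held `ip` at `when`, or None if unknown."""
    hits = [s for s in sessions
            if s.ip == ip and s.start <= when and (s.end is None or when < s.end)]
    # If records overlap, the most recently started session wins.
    return max(hits, key=lambda s: s.start).user if hits else None

def owners_of_vulnerable_targets(events=EVENTS):
    """Who owns the host targeted by an event with impact level 1?"""
    return [(e.dst_ip, user_at(e.dst_ip, e.time)) for e in events if e.impact == 1]

def internal_portscan_initiators(events=EVENTS):
    """Who initiated each portscan? None marks a gap in identity data."""
    return [(e.src_ip, user_at(e.src_ip, e.time)) for e in events if e.kind == "portscan"]

if __name__ == "__main__":
    print(owners_of_vulnerable_targets())
    print(internal_portscan_initiators())
```

The lookup is keyed on event time rather than the current address holder, so an address that changes hands is not attributed to the wrong user, and events that fall in a gap between sessions come back as unknown instead of being guessed.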

After you configure user identity sources to gather user data, you can perform user awareness and user control.

For more information about identity sources, see About user identity sources.