Automatically Block Compromised Accounts
Administrators can now configure Harmony Email & Collaboration to automatically disable users that are detected as compromised.
A compromised internal account controlled by an attacker can cause a lot of damage very fast. To protect against this type of threat, we recently released the ability for administrators to manually disable the user directly from the Harmony Email & Collaboration dashboard.
However, what organizations prefer is to automatically and immediately handle such cases.
Harmony Email & Collaboration now includes A new workflow that automatically disables users detected as compromised and terminates all their active sessions.
Administrators continue being alerted of compromised being detected and are able to unblock the user and reset its password manually from the Harmony Email & Collaboration dashboard.
To configure the new workflow, go to Config > Security Engines > Anomaly Detection > Configure > Compromised Accounts Workflow and select Alert admin, automatically block user.
Note – this feature is being deployed gradually. You should see it in your portal in the next week.