Geographic Login Anomalies
One of the most common ways to spot a malicious attempt to gain remote access into systems is a login attempt from an unusual, remote location. The latest identity and access control software contains account monitoring features designed to take a snapshot or fingerprint of typical user login behavior. That information can be set to alert a system administrator or challenge users when unusual login attempts are spotted. Trustwave said admins can disable accounts until a thorough investigation can take place or remove remote access to systems.