Educause Security Discussion mailing list archives
Measures of detecting breached email accounts
From: Keenan Martinez <0000004218ecec53-dmarc-request () LISTSERV EDUCAUSE EDU>
Date: Mon, 4 Dec 2017 23:19:28 +0000
Good day, Currently, we use Microsoft Operations Management Suite as logging for Office 365. As part of my monthly process, logs are exported where it is filtered based on successful login attempts. Following which, the IP address field is upload to (http://www.bulkseotools.com/bulk-ip-to-location.php) allowing for the conversion of an IP address to country. When the website completes the conversion, the results are reviewed, and a process of elimination is carried out in order to identify any breached email accounts. I.e. if an account has a successful login from Australia, but the employee is at our office (in the Caribbean), the account is flagged as compromised, while MFA is enabled, and a request is made for the employee to change their password. I am inquiring about techniques members undertake to proactively detect breached email accounts and how the process of converting IP addresses to countries be simplified? I look forward to receiving your response. Regards, Keenan Martinez Manager Information Technology Department Arthur Lok Jack Graduate School of Business Max Richards Drive, Uriah Butler Highway, North West, Mt. Hope. Trinidad & Tobago. (UTC-4 hours) • (868) 645-6700 ext. 333 (Ext.) • (868) 662 1411 (fax) • (868) 498-0764 (Mobile) • k.martinez () lokjackgsb edu tt • www.lokjackgsb.edu.tt • support () lokjackgsb edu tt (Helpdesk) _____________________________________________________________________ Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Thank you.
Current thread:
- Measures of detecting breached email accounts Keenan Martinez (Dec 04)
- Re: Measures of detecting breached email accounts Valdis Kletnieks (Dec 04)
- Re: Measures of detecting breached email accounts Frank Barton (Dec 05)
- Re: Measures of detecting breached email accounts Keenan Martinez (Dec 05)
- Re: Measures of detecting breached email accounts Frank Barton (Dec 05)
- Re: Measures of detecting breached email accounts Keenan Martinez (Dec 06)
- Re: Measures of detecting breached email accounts Kevin Crider (Dec 07)
- Re: Measures of detecting breached email accounts Frank Barton (Dec 05)
- Re: Measures of detecting breached email accounts Valdis Kletnieks (Dec 04)
- <Possible follow-ups>
- Re: Measures of detecting breached email accounts Joseph Tam (Dec 05)
- Re: Measures of detecting breached email accounts Keenan Martinez (Dec 06)
- Re: Measures of detecting breached email accounts Valdis Kletnieks (Dec 06)