Bruteforce Attempts

Battle of the Week - Bruteforce Attempts

The Battleground:

A local county's network.

The Presumption:

Having security set up on accounts helps prevent brute-force attempts from malicious users.

The Discovery:

An analyst was searching through the raw logs being gathered, looking for possible malicious events. The analyst found that an account was being brute forced every so often, but not often enough to lock the account or raise suspicion from security software. The attempts eventually led to a breach of the account, at which point the County's IT department was notified and the account was locked. It was later found that the account didn't have Two-Factor Authentication enabled.
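The kind of raw-log search described above can be automated. The following is an added example, not part of the original post: it flags accounts whose failed logins add up over time while never reaching the lockout threshold inside the lockout window. The log format, field names, and threshold values are assumptions, and the log lines are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data in an assumed format: timestamp account source_ip outcome
SAMPLE_LOG = """\
2024-03-01T02:10:00 jsmith 203.0.113.7 FAIL
2024-03-01T02:55:00 jsmith 203.0.113.7 FAIL
2024-03-01T08:01:00 adavis 10.0.4.22 FAIL
2024-03-01T08:01:30 adavis 10.0.4.22 OK
2024-03-01T14:20:00 jsmith 203.0.113.7 FAIL
2024-03-02T01:05:00 jsmith 203.0.113.7 FAIL
2024-03-02T23:15:00 jsmith 203.0.113.7 FAIL
2024-03-03T04:30:00 jsmith 203.0.113.7 OK
"""

def parse(log_text):
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # ignore malformed lines
            ts, account, source, outcome = parts
            events[account].append((datetime.fromisoformat(ts), source, outcome))
    return events

def max_failures_in_window(fail_times, window):
    # Largest number of failures that fall inside any sliding window of this length.
    best = start = 0
    for end, t in enumerate(fail_times):
        while t - fail_times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def find_slow_bruteforce(log_text, lockout_threshold=5,
                         lockout_window=timedelta(minutes=30), min_failures=5):
    findings = []
    for account, evts in parse(log_text).items():
        evts.sort()
        fails = [(t, src) for t, src, out in evts if out == "FAIL"]
        burst = max_failures_in_window([t for t, _ in fails], lockout_window)
        # Keep only accounts with many failures that never tripped the lockout policy.
        if len(fails) < min_failures or burst >= lockout_threshold:
            continue
        sources = {src for _, src in fails}
        breached = any(out == "OK" and src in sources and t > fails[0][0]
                       for t, src, out in evts)
        findings.append({"account": account, "failures": len(fails),
                         "max_burst": burst, "success_after_failures": breached})
    return findings
```

A finding with `success_after_failures` set to true is the case from this incident: the slow guessing eventually worked, so the account should be treated as breached rather than merely targeted.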

Our Solution:

Having Two-Factor Authentication greatly reduces the risk of an account being brute forced. Setting up accounts to temporarily lock after 3-5 attempts will help as well.

Lessons Learned:

You can never be too secure with account security. Once an account is breached, it is only a matter of time before the malicious user finds what they want.