Support staff in a large manufacturing company were experiencing a sudden increase in the number of calls dealing with email account lockouts. The messaging group reached out to us for help. Together we installed Exchange Protocol Guard (EPG) to find out what was going on and to resolve the issue.
EPG reports allowed them to quickly determine that an ex-employee was attempting to login via Outlook Web and ActiveSync through a combination of active employee usernames and password guessing.
The user had configured all the key information into their personal cell phone (ActiveSync) and was changing the username to his prior co-workers accounts, and then guessing at the passwords. They were able to use EPG to see that the ex-employee had not yet gained access and blocked further attempts that would generate more lockouts and user-level denial of services (DoS).
As an added benefit, EPG also helped them to discover and block many mobile phones belonging to past employees. The devices were still making continuous login attempts long after they had disabled the accounts, and the employees had left— affecting bandwidth, performance, and security.