by xm1994 4876 days ago
I've been out of the security space for a while but what I would love to see (and perhaps it already exists) is a threat "counter" for every authenticated user on my network. Data could be fed from various sources (IDS and audit logs), and actions like simultaneous logins, port scans or attempts to access files and apps that the user doesn't have access to would increase their threat counter. You could add weight to events, e.g., someone from marketing trying to access a SQL server, router, or RDP to an accounting server, etc. Unauthenticated hits could be associated with an anonymous user. Once the entity has reached a certain threshold an analyst is alerted to investigate. You could even tie this to the support center - "Hello Mr. Rogers, I see you're having trouble logging on to the reporting site, would you like us to reset your password?"
1 comments
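The weighted per-user counter proposed in the post above, sketched as an added example (not code from the post or from any product). The weights, the department-to-asset map, the multiplier and the threshold are assumed values, and the events are constructed.

```python
from collections import defaultdict

# Assumed base weights per event type (illustrative values, not from the post).
BASE_WEIGHTS = {"simultaneous_login": 3, "port_scan": 5, "access_denied": 2}

# Assumed map of the asset classes each department normally touches.
EXPECTED_ASSETS = {
    "marketing": {"web", "fileshare"},
    "accounting": {"accounting_server", "fileshare"},
    "it": {"sql_server", "router", "accounting_server", "web", "fileshare"},
}
OUT_OF_ROLE_MULTIPLIER = 3  # assumed extra weight for out-of-role targets
ALERT_THRESHOLD = 10        # assumed score at which an analyst is alerted

# Constructed sample events, as they might arrive from IDS and audit logs.
SAMPLE_EVENTS = [
    {"user": "alice", "dept": "marketing", "type": "access_denied", "asset": "fileshare"},
    {"user": "bob", "dept": "marketing", "type": "access_denied", "asset": "sql_server"},
    {"user": "bob", "dept": "marketing", "type": "access_denied", "asset": "accounting_server"},
    {"user": None, "dept": None, "type": "port_scan", "asset": "router"},
    {"user": "carol", "dept": "it", "type": "simultaneous_login", "asset": "web"},
    {"user": None, "dept": None, "type": "port_scan", "asset": "web"},
]

def event_weight(event):
    """Base weight for the event type, multiplied when the asset is out of role."""
    weight = BASE_WEIGHTS.get(event["type"], 1)  # unknown types still count a little
    expected = EXPECTED_ASSETS.get(event["dept"])
    if expected is not None and event["asset"] not in expected:
        weight *= OUT_OF_ROLE_MULTIPLIER
    return weight

def score_events(events):
    """Accumulate one counter per user; unauthenticated hits go to 'anonymous'."""
    counters = defaultdict(int)
    for event in events:
        counters[event["user"] or "anonymous"] += event_weight(event)
    return dict(counters)

def users_to_investigate(counters, threshold=ALERT_THRESHOLD):
    """Entities whose counter has reached the threshold, highest score first."""
    flagged = [(user, score) for user, score in counters.items() if score >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    print(users_to_investigate(score_events(SAMPLE_EVENTS)))
```

With these constructed events, two denied attempts against out-of-role assets push one marketing account past the threshold, while a single denied access to an in-role file share stays well below it.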

I forget the term, but there is a similar value assigned to users for marketing purposes which is sourced from a variety of systems. The higher the value, the more likely the person would be interested in converting/making a purchase. Something similar surely exists for security purposes. With that said, the last thing you mentioned must be used with great caution, as it could easily be exploited.
'Lead Score'?
Yep, that's it.