Which users are present?

It is important to know who is on the system at any one time, and whether multiple users are logged into a single host or a single user is logged into multiple hosts at the same time. Multiple login sessions can be (but are not always) a sign that the user's account details have been compromised and that another individual is using their credentials. It is much easier to judge whether specific users, multiple user sessions, or multiple-session users are normal if a profile has been taken of the server and/or hosts.

Knowing who is logged in can assist network security in a number of ways. It helps to attribute events, linking a specific user to an IP address and hence to traffic. Tracking the movements of a logical user across the physical landscape of the network can also be important. If a user has used the same terminal in the London branch every work day for five years, it would be an anomaly for them to log in from Berlin or New York. While this may well be legitimate, it is definitely out of the ordinary, and something to check.
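The checks described above can be run over session records, as in this added example (not from the original text). The users, hostnames, sites, record layout and profile are constructed for illustration, and each finding is a lead to review against the profile, not proof of compromise.

```python
from datetime import datetime

# Constructed sample session records: (user, host, site, login, logout).
SESSIONS = [
    ("alice", "lon-ws-014", "London", "2024-03-04 08:55", "2024-03-04 17:10"),
    ("alice", "ber-ws-002", "Berlin", "2024-03-04 11:20", "2024-03-04 11:50"),
    ("bob",   "lon-srv-01", "London", "2024-03-04 09:00", "2024-03-04 12:00"),
    ("carol", "lon-srv-01", "London", "2024-03-04 10:30", "2024-03-04 11:00"),
    ("bob",   "lon-ws-020", "London", "2024-03-04 13:00", "2024-03-04 17:00"),
]

# Constructed baseline profile: the sites each user normally logs in from.
PROFILE = {"alice": {"London"}, "bob": {"London"}, "carol": {"London"}}


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def _overlap(a, b):
    # Two sessions are concurrent if each starts before the other ends.
    return _ts(a[3]) < _ts(b[4]) and _ts(b[3]) < _ts(a[4])


def review_sessions(sessions, profile):
    """Return findings for off-profile sites and concurrent sessions."""
    findings = []
    for i, a in enumerate(sessions):
        # A user with no profile entry is flagged too: nothing is known-normal.
        if a[2] not in profile.get(a[0], set()):
            findings.append(("unusual_site", a[0], a[2]))
        for b in sessions[i + 1:]:
            if not _overlap(a, b):
                continue
            if a[0] == b[0] and a[1] != b[1]:
                # Same account active on two hosts at once.
                hosts = tuple(sorted((a[1], b[1])))
                findings.append(("user_on_multiple_hosts", a[0], hosts))
            elif a[0] != b[0] and a[1] == b[1]:
                # Different accounts active on one host at once.
                users = tuple(sorted((a[0], b[0])))
                findings.append(("multiple_users_on_host", a[1], users))
    return findings


if __name__ == "__main__":
    for finding in review_sessions(SESSIONS, PROFILE):
        print(finding)
```

Whether concurrent users on `lon-srv-01` are normal depends on the host's profile: expected on a shared server, worth a look on a single-user workstation.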
