Adjusting session risk scoring & threat analytics parameters
Sectona Security Platform uses a combination of user access events (user behavior) and activity events (threat levels) to determine a session risk score. The platform leverages composite risk scoring to determine the overall session risk score used for scoring threat levels for every session.
Risk scores are determined based on risk libraries activated & configured and calculated once the user session is completed. All rules are set with default risk levels by default, and all events are analyzed using default risk levels.
This section covers the following:
Understanding Risk Scoring Mechanism
A risk score is calculated by determining the registered events that pass validity criteria in risk libraries. To determine a final risk score for a session, the system analyzes the total events generated during the session and correlates with a number of behavioral events (Total Events). Further, the system categorizes events as per the criticality level scoring defined in the system & aggregates events &to arrive at Criticality level scoring ( Total Events * Criticality Level Weight). Finally, the system determines the final risk score by the Total Score of Criticality Levels/number of events.
Criticality Level | Risk Score | Weight | Color Assigned |
---|---|---|---|
Low | 0 to 25 | 25 | |
Medium | 26 to 50 | 50 | |
High | 51 to 75 | 75 | |
Critical | 76 to 100 | 100 |
Configuring Risk Level
To define a risk level in Sectona PAM, follow the below-recommended steps:
Login to Sectona PAM as an administrator
Navigate to the Policies→ Click on Risk Scoring
A page will appear in front of you representing various activities with their critical levels of risk.
If you wish to change the risk level, click on the activity for which you wish to configure the risk level. Select the desired risk level within the Configured Risk Level drop-down menu and click on Update.
Configure Criticality Level
To define a criticality level tag in Sectona PAM, follow the below-recommended steps:
Login to Sectona PAM as an administrator
Navigate to the Configuration→ Click on Criticality Levels
Click the +Add Criticality Level. This will open up a form where you can define your criticality levels.
Select the criticality level for your organization's assets as per the requirement to either Critical, High, Medium, or Low.
Click on Save to define the criticality level in Sectona PAM.