Adjusting session risk scoring & threat analytics parameters
Sectona Security Platform uses a combination of user access events (user behavior) and activity events (threat levels) to determine a session risk score. The platform leverages composite risk scoring to determine the overall session risk score used for scoring threat levels for every session.
Risk scores are determined on the basis of the risk libraries that are activated and configured, and are calculated once the user session is completed. By default, all rules are set with default risk levels, and all events are analyzed using those default risk levels.
This section covers:
Understanding Risk Scoring Mechanism
The risk score is calculated from the registered events that pass the validity criteria set out in the risk libraries. To determine the final risk score for a session, the system analyzes the total events generated during the session and correlates them with the number of behavioral events (Total Events). It then categorizes events by the criticality levels defined in the system and aggregates them to arrive at a score for each criticality level (Total Events * Criticality Level Weight). Finally, the system determines the final risk score as Total Score of Criticality Levels / number of events.
Criticality Level | Risk Score | Weight | Color Assigned |
---|---|---|---|
Low | 0 to 25 | 25 | |
Medium | 26 to 50 | 50 | |
High | 51 to 75 | 75 | |
Critical | 76 to 100 | 100 | |
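
The calculation described above, worked through as an added example (not Sectona's code). It assumes the formula reads as the sum over criticality levels of (events at that level * level weight) divided by the number of events, and that a fractional score falls into the band whose upper bound it does not exceed; the function name and the sample sessions are constructed for illustration.

```python
from collections import Counter

# Weights and upper band bounds taken from the criticality table on this page.
WEIGHTS = {"Low": 25, "Medium": 50, "High": 75, "Critical": 100}
BANDS = [(25, "Low"), (50, "Medium"), (75, "High"), (100, "Critical")]


def session_risk_score(event_levels):
    """Return (score, band) for the criticality levels of one session's events."""
    counts = Counter(event_levels)
    unknown = set(counts) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"unknown criticality level(s): {sorted(unknown)}")
    total_events = sum(counts.values())
    if total_events == 0:
        # Assumption: a session with no registered events scores 0.
        return 0.0, "Low"
    # Per-level score = events at that level * level weight, summed over levels.
    total_score = sum(counts[level] * WEIGHTS[level] for level in counts)
    score = total_score / total_events
    # Assumption: fractional scores map to the first band whose upper bound they fit under.
    band = next(name for upper, name in BANDS if score <= upper)
    return score, band


# Constructed sample sessions (not product data).
ROUTINE = ["Low"] * 10
MIXED = ["Low"] * 9 + ["Critical"]
RISKY = ["High"] * 3 + ["Critical"] * 2

if __name__ == "__main__":
    for name, events in [("routine", ROUTINE), ("mixed", MIXED), ("risky", RISKY)]:
        score, band = session_risk_score(events)
        print(f"{name:8s} events={len(events):2d} score={score:5.1f} band={band}")
```

Under this reading, one Critical event among nine Low events averages to 32.5 (Medium), which is worth keeping in mind when choosing the configured risk level for an activity.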
Configuring Risk Level
To define a risk level in Sectona PAM, follow the recommended steps below:
Log in to Sectona PAM as an administrator.
Navigate to Policies → click on Risk Scoring.
A page appears listing the various activities with their risk criticality levels.
If you wish to change the risk level, click on the activity for which you wish to configure the risk level. Select the desired risk level within the Configured Risk Level drop-down menu and click on Update.
Configure Criticality Level
To define a criticality level tag in Sectona PAM, follow the recommended steps below:
Log in to Sectona PAM as an administrator.
Navigate to Configuration → click on Criticality Levels.
Click +Add Criticality Level. This opens a form where you can define your criticality levels.
Set the criticality level for your organization's assets, as per the requirement, to Critical, High, Medium, or Low.
Click on Save to define the criticality level in Sectona PAM.