The Security Analytics Engine provides an extra level of security that can be customized to fit the needs of every application. The Security Analytics Engine works by monitoring users and browsers to ensure that they are not accessing applications from locations, networks, etc. that are potentially unsafe, thus reducing the threat of a malicious user or browser gaining access to your application.
When a user attempts to access an application which uses the Security Analytics Engine, a customizable risk policy evaluates the risk of allowing the user access. Each risk policy is made up of conditions and modifiers which have assigned scores. For each access attempt, these conditions and their associated modifiers are evaluated individually and a single risk score is then calculated using all the condition scores.
For example, a user could log in to an application using an abnormal browser while also using a weak method of authentication. The risk policies allow you to take these two types of behavior into account by letting you apply modifiers to conditions in cases where additional circumstances may affect the risk from a triggered condition. The conditions are assigned a condition score and the modifiers are then able to increase or lessen that condition score if they are triggered at the same time. So in this case, by triggering both the abnormal browser condition and its associated weak authentication modifier, the configured condition score is further increased due to the modifier.
A condition can also have no impact on a risk score when triggered if there is a modifier applied which is configured to cancel out the condition score. If the user using an abnormal browser is also on a configured whitelist, the whitelist modifier could be applied to have a zeroing effect on both the condition it is associated with and any other modifiers that are also triggered. Assuming no other conditions are triggered, this user would receive a risk score of 0 for the access attempt.
The Security Analytics Engine also allows you to include conditions without modifiers associated with them. For example, the earlier access attempts probably would not be as much of a security threat as someone who logs in from an IP address that is associated with malware. Configuring a risk policy to give the highest risk score to potentially malware-infected access attempts means that even if the user appears on a whitelist being used as a modifier to negate a different condition, they would still receive the highest risk score.
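The scoring behavior described above can be modeled in a few lines. This is an added sketch, not code from the Security Analytics Engine: the class and function names, the 0-100 scale, the individual scores, and combining condition scores as a capped sum are all assumptions, since the page does not state how the single risk score is calculated.

```python
from dataclasses import dataclass, field

MAX_SCORE = 100  # assumed scale; the page does not state one

@dataclass
class Modifier:
    name: str
    adjust: int = 0        # added to the condition score when triggered
    zeroing: bool = False  # cancels the condition and its other modifiers

@dataclass
class Condition:
    name: str
    score: int
    modifiers: list = field(default_factory=list)

def condition_score(cond, triggered):
    """Score one condition given the names triggered by this access attempt."""
    if cond.name not in triggered:
        return 0  # a modifier alone contributes nothing
    active = [m for m in cond.modifiers if m.name in triggered]
    if any(m.zeroing for m in active):
        return 0  # whitelist-style modifier zeroes the condition and its modifiers
    return max(0, cond.score + sum(m.adjust for m in active))

def risk_score(policy, triggered):
    """Combine condition scores; a sum capped at MAX_SCORE is an assumption."""
    return min(MAX_SCORE, sum(condition_score(c, triggered) for c in policy))

# Constructed policy mirroring the scenarios in the text; all numbers are made up.
POLICY = [
    Condition("abnormal_browser", 30, [
        Modifier("weak_authentication", adjust=20),
        Modifier("whitelist", zeroing=True),
    ]),
    Condition("malware_ip", MAX_SCORE),  # no modifiers, so nothing can negate it
]

if __name__ == "__main__":
    for attempt in ({"abnormal_browser", "weak_authentication"},
                    {"abnormal_browser", "weak_authentication", "whitelist"},
                    {"abnormal_browser", "whitelist", "malware_ip"}):
        print(sorted(attempt), "->", risk_score(POLICY, attempt))
```

Because the whitelist modifier is attached only to the abnormal browser condition, it cannot lower the score of the malware IP condition, which is the property the last paragraph relies on.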
The risk score that is calculated for each access attempt is then sent to the application which uses the risk score to determine whether to allow access, request additional authentication information from the user before allowing access, or deny access. A user may also contact a help desk operator for further assistance if they are unable to access an application due to a high risk score.
NOTE: Help desk operators should see the Security Analytics Engine Help Desk User Guide for more information.
You can access the Security Analytics Engine Administration web site from any computer that has network access to the server.
IMPORTANT: When the Security Analytics Engine is bundled with another product (for example, Cloud Access Manager), the Security Analytics Engine should be accessed through the parent product rather than through the fallback login page. See the documentation associated with the main product for information on accessing the Security Analytics Engine.
To launch the fallback login page of the Security Analytics Engine Administration web site
NOTE: The first time the Security Analytics Engine Administration web site is launched, you are prompted to create a fallback password that is required for all future fallback logins. The fallback password can later be changed using the Fallback Password page of the Security Analytics Engine Administration web site.
Open your web browser and enter the URL for the fallback login page of the Security Analytics Engine Administration web site:
https://<server>/SecurityAnalyticsEngine/Fallback
NOTE: Where <server> is the IP address or host name (or ‘localhost’) of the server where you installed the Security Analytics Engine.
© 2024 One Identity LLC. ALL RIGHTS RESERVED.