IBM Security MaaS360


Tracking Security events - Evaluate organization security with MaaS360

By Dhruv Rathod posted Mon April 01, 2024 08:32 AM

  

Overview

The MaaS360 Zero Trust User Risk Management offering allows the administrator to track all kinds of security events detected on users' devices deployed across the organization.
All these events can be tracked via the Security Events widget available in the Security dashboard. This widget helps evaluate the risk in the organization and analyze any unknown events based on their details.

Features and Walkthrough

Security events widget
Security events widget in Security Dashboard

This widget displays a brief overview of the security events detected in the last 60 days. The security events are categorized based on whether a risk rule is configured for those events.
The figure 2/15 here means that out of 15 event types detected in the organization, 2 aren't configured. (These two event types do not contribute to the risk score for any device/user.) The chart displays the proportion of event types that have a risk rule enabled to those that have a risk rule disabled. Hovering over each of these bars shows how many events have been detected in each category.
The "top event types without risk rule" table lists the top 5 event types detected in the organization that have the risk rule disabled.

All of this helps the administrator understand and customize which event types should be configured and which should not. Event types left unconfigured won't contribute to a device's risk score and won't be considered risky as per the admin.

Clicking on the View all security events button will redirect the admin to the Security events page.

Security events page
The security events page drills down into every security event detected on every device in the last 60 days.
The chart shows daily analytics and the proportion of configured/non-configured events.
This page provides multiple filters and hence allows the administrator to analyze the data according to their needs.
Event details
Clicking any event on the security events page opens a slide-out event details screen where any event-specific data can be observed. In the case of Event type: Malicious email received, we can check the sender and the malicious URL received as part of the email.
It helps the administrator understand the severity of the event. If any action is required on the device/user, the Security dashboard provides the option to quarantine the user/device through a different workflow available on the User Summary page / Security Dashboard home page.
Event types

Clicking on the View all event types button on the Security events page opens a slide-out showing all the event types detected in the organization in the last 60 days, again categorized into two groups: risk rule configured / not configured.
Clicking any event type opens another slide-out with granular details about that event type.

This screen provides us with the event type details, focusing on the trend of the detections in the past two months, and the risk rule details about the event.

Summary

In brief, the Security dashboard provides multiple areas and options to the admin to track and evaluate the organization's security. The admin can take tremendous advantage of the Security events page to drill down on the security problems and risks harming the organization.
