IBM Security MaaS360

Zero trust is now over a decade old—that’s enough time for it to move from concept and experiments, through the inevitable vendor hype, and now into realization with deployments and offerings that can deliver on the seminal mantra from Google’s BeyondCorp to allow “employees to work more securely from virtually any location.”  

While identity and access management (IAM) initiatives centered around single sign-on (SSO), multifactor (MFA) and passwordless authentication took the lead in zero trust developments, the explosion of mobile device growth (including laptops) and remote work has thrust unified endpoint management (UEM) into the core of zero trust. The reason is that UEM is instrumented to collect critical user and device data that can be used to understand context and analyze behavior before corrective action is taken. Without context and advanced analytics, IT security admins might get overzealous and terminate all access for a careless employee (like one accessing sensitive data over public Wi-Fi). Or worse, they might miss a pattern of nefarious behavior that a dangerous insider is trying to hide (such as sideloading a sophisticated exfiltration app).

To address this need we are proud to announce the general availability (GA) of User Risk Management for IBM Security MaaS360 with Watson, effective March 13, 2021.

-->Watch the on-demand webinar to hear all about it from IBM product management and one of our beta customers. <--

What is User Risk Management?

At its most basic level, user risk management (URM) is a UEM capability that aggregates risky user behaviors. It logs malicious app installs, unsecured network connections, strange login locations, failed access attempts, unpatched or outdated operating systems and the like. You can also exclude parameters to customize the behaviors for your specific needs. From there, URM assigns a user risk score based on defined parameters.

Once these scores are created, MaaS360 ranks users by which ones present the most imminent threat. It could be a malicious insider or an employee who clicks on every email link with reckless abandon.

After threats are determined, actions can be taken, typically in the form of strong conditional access policies requiring tokens, biometrics or other factors to authenticate. In more dangerous cases such as a suspected malicious insider, access can be blocked outright while an investigation is conducted.

While user risk management lives within an organization’s UEM platform, its aim is to pull from data sources across the entire security stack. Security information and event management (SIEM), identity-as-a-service (IDaaS) and endpoint detection and response (EDR) tools can have their logs consolidated within the user risk engine. This allows for a multi-dimensional picture of users as they go about their day interacting with corporate systems.

What is the effect of URM on UX?

Since URM is continuously evaluating the behavior of users on their devices, those users who are not presenting a risk to the business are not hindered by access obstacles like their riskier counterparts. Instead, employees who act responsibly can have as frictionless an experience as the UEM administrator chooses to provide.

Continuous evaluation also enables adaptive security. For example, the ‘clean-nosed’ employee can quickly fall into the trap of clicking on a phishing link or downloading a banned app on their personal device, moving them from green to red in the risk scoring. At that point, they go from minimal friction to immediate quarantine and will stay there until the violation is mitigated.

Conversely, an employee who was previously in the red can work their way to back to green, gaining back permissions and privileges that had been suspended.

Want to learn more?

• Watch the replay of our  March 23rd webinar to hear from IBM offering management and a MaaS360 customer about the lessons and successes from the beta program and where URM is going next
• Consult the technical documentation in the Knowledge Center
• Read the webinar Q&A transcript and the extended FAQ
• You can get turn on the new URM capability from the services page in the MaaS360 Portal