IBM Verify

Peer Group Analysis in IBM Security Verify Analytics

By PRITI PATIL posted Mon July 05, 2021 12:40 PM

  

Peer Group Analysis is a technique that compares data across peers to surface insights. The insights depend on the domain to which it is applied. For example, in the IAM domain it is used to evaluate a user against other users within a predetermined peer group (e.g., department, job, role) or a peer group derived from like behaviors. By evaluating users against their peers, the analytics engine can identify rogue or outlier access. The same data can also be used to determine which accesses a user should have when they join the organization or move to another team or role. This data is particularly useful to reviewers, who can use it to make informed decisions during access review or access certification.

IBM Security Verify Analytics (ISVA) performs Peer Group Analysis that can self-learn peer groups and report outliers with reasoning. It also self-learns tuning parameters for various machine learning algorithms to generate more accurate insights. With this patent-pending technology, ISVA identifies outlier accesses in a way that works with noisy data and is easy for end users to consume, and it provides reasoning on why an access is an outlier.

 

Ability to work with noisy data

Peer group analysis determines outliers based on an organization’s user-to-entitlement mapping. In reality, however, access control configurations in any large organization are noisy in at least two senses: first, they might contain undesirable over- and under-assignments; and second, not all permissions are assigned due to roles, as some assignments may be exceptions. It is therefore necessary for role mining to deal with noisy data, and ISVA uses a machine learning technique to identify noise in access control data.


Easy to consume

Peer group analysis relies on the admin specifying which user attributes can be used. In a medium or large organization with a complex organizational structure, it may not be simple to identify the attributes that define peer groups, and they might change over time. Hence ISVA learns peer-group attributes from users and their entitlements. It finds attributes that reliably predict entitlements and can therefore be used in peer group analysis.

 

Reasoning on why access is an outlier

 

Typically, machine learning algorithms are used for identifying outlier entitlements. Statistical analysis of entitlement commonality for the attributes that were identified as peer group attributes then provides the reasoning on why an entitlement could be an outlier.
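The two ideas above (picking the attribute that best predicts entitlements, then explaining an outlier through entitlement commonality among peers) can be sketched as follows. This is an added, simplified illustration and not ISVA's patent-pending algorithm; the user records, the `attribute_score` measure and the 0.3 threshold are all assumptions constructed for the example.

```python
from collections import defaultdict

# Constructed sample data: (user, attributes, entitlements). Not from any real system.
USERS = [
    ("alice", {"department": "Finance", "location": "Pune"},   {"ledger_read", "ledger_post"}),
    ("bob",   {"department": "Finance", "location": "Austin"}, {"ledger_read", "ledger_post"}),
    ("carol", {"department": "Finance", "location": "Pune"},   {"ledger_read", "ledger_post", "prod_db_admin"}),
    ("dave",  {"department": "Finance", "location": "Austin"}, {"ledger_read"}),
    ("erin",  {"department": "DevOps",  "location": "Pune"},   {"prod_db_admin", "ci_deploy"}),
    ("frank", {"department": "DevOps",  "location": "Austin"}, {"prod_db_admin", "ci_deploy"}),
    ("grace", {"department": "DevOps",  "location": "Pune"},   {"prod_db_admin", "ci_deploy"}),
    ("heidi", {"department": "DevOps",  "location": "Austin"}, {"prod_db_admin", "ci_deploy", "ledger_post"}),
]

def peer_groups(attr):
    """Group users by the value of one attribute, e.g. department."""
    groups = defaultdict(list)
    for name, attrs, ents in USERS:
        groups[attrs[attr]].append((name, ents))
    return groups

def commonality(members, ent):
    """Fraction of a peer group that holds the entitlement."""
    return sum(ent in ents for _, ents in members) / len(members)

def attribute_score(attr):
    """Assumed measure: mean commonality of each held entitlement within the
    holder's peer group. Higher means the attribute predicts access better."""
    groups = peer_groups(attr)
    scores = [commonality(groups[attrs[attr]], e)
              for _, attrs, ents in USERS for e in ents]
    return sum(scores) / len(scores)

def find_outliers(threshold=0.3):
    """Pick the best-scoring attribute, then flag entitlements that are rare
    among the user's peers, each with a human-readable reason."""
    attr = max(USERS[0][1], key=attribute_score)
    groups = peer_groups(attr)
    findings = []
    for name, attrs, ents in USERS:
        members = groups[attrs[attr]]
        for ent in sorted(ents):
            share = commonality(members, ent)
            if share < threshold:
                reason = f"only {share:.0%} of peers with {attr}={attrs[attr]} hold {ent}"
                findings.append((name, ent, reason))
    return attr, findings

if __name__ == "__main__":
    attr, findings = find_outliers()
    print("peer group attribute:", attr)
    for finding in findings:
        print(finding)
```

A near-unique attribute such as an employee ID would trivially score 1.0 under this measure, so a usable scorer also needs a minimum peer group size.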


Here is a screenshot showing the list of accesses a user should not have, based on Peer Group Analysis, along with the reasoning on why each access is an outlier.

 



Additional Links:

Overview of Identity Analytics with IBM Security Verify

https://www.youtube.com/watch?v=6OReFeSQJp8

 

Adding Analytics to your IGA infrastructure

https://community.ibm.com/community/user/security/blogs/priti-patil1/2020/07/13/adding-analytics-to-your-iga-infrastructure

 

More details of Peer Group Analysis risk policy

https://www.ibm.com/docs/en/security-verify?topic=configuration-policy-violations-scenarios#cia_cpt_policy_scenarios__section_rp12

 
