IBM Technical Exchange India Security User Group

 View Only

New Feature Alert: User Risk Management for identifying top risky users with endpoint management

By Vijay Lele posted Wed April 21, 2021 12:21 PM

As an Info-Sec manager,
  • Do you find it challenging to identity top risky users in your organization?
  • Do you have visibility of incidents that termed them as risky users?
  • Does your endpoint manager give you the ability to configure risk rules?
This is where User Risk Management for IBM MaaS360 can help. This article talks about new feature introduced in IBM MaaS360 with Watson.

What exactly is User Risk Management?
MaaS360 uses its next generation analytics engine to identify risk incidents and assigns a risk score based on the severity of the risk incident. These events are aggregated at a user level to identify the top risky users in your organization.

The security dashboard aggregates all of this risk information and presents the administrator with a holistic view of their organization’s risk profile. Admins can use the security dashboard to monitor overall risky trends as well as identify the most risky users. You can configure from set of rules available to be considered for risk profile.

Security Dashboard of User Risk Management

There are risk rules, which define the parameters used to identify risk incidents. Administrators can view and modify these risk rules using the risk rule configurator.

Rule Configurator of User Risk Management

Admins can exclude rules from being evaluated and change the severity associated with the goal of configuring a set of rules that matters most to their organization. It is important to note that although the risk rule may be in the enabled state, the administrator may still have some pre-requisites to configure to detect these incidents.

Rule Configurator of User Risk Management

Advantages of user risk management

Following are the advantages that you get with user risk management.

  • User-concentric view of the organization’s security posture.
  • Give your own definition of risk by customizing the risk score model.
  • Analytics and dashboard to view risk profile trends across organization and generate insights that help Administrators to improve security and compliance status.

How do I enable this?
1. Login to MaaS360 console with your user who can enable service.
2. Go to Setup > Services
3. Enable "User Risk Management"

MaaS360 User Risk Management Services

Enabling this service will start the identification of risk incidents which you can view in the Security Dashboard in Security > Security Dashboard.
It will take around 24 hours after the service is enabled for the Security Dashboard to show the risk incidents.
To view and customize which incidents are considered as risky please use the Risk Rule Configurator in Security > Risk Rule Configurator.

More details are available on Knowledge Center link: