Loving the Algorithm: User Risk Management and Good Security Hygiene

User risk management watches where people can’t. If you polled a random sampling of employees at various organizations, most would probably consider themselves security-minded. They would argue that they are not actively sending sensitive data to malicious recipients, clicking strange links or downloading attachments from unknown senders.

This mindset is a good attribute, and should not be downplayed. However, those same employees may be putting companies at risk by accessing company data on a personal device running an outdated version of an operating system while connected to the public Wi-Fi. They may also have installed risky applications, repeatedly attempted to visit blocked sites on the corporate browser or attempted to log in from multiple unexpected locations.

With proper unified endpoint management (UEM) policy and compliance rules in place, many of these risks can be proactively avoided. Most organizations enjoy a level of trust between the employees and the UEM administrator. In many cases, there’s no need to take drastic action until it becomes apparent there is a pattern of bad user behavior.

Keeping Good Security Hygiene 

So, what makes for good security hygiene? Understanding and continuously evaluating behavior — and adjusting security measures accordingly — is the best way to keep your organization secure. This way also prevents interrupting the productivity of those security-minded users.

You don’t have to look through dozens of reports to find users doing risky behaviors in an effort to rank which ones need immediate attention. You need a way to quickly understand the most common risks to your company. It is most important to know whether a user is a repeat offender or an average employee making a mistake. Doing that manually in an organization with hundreds or thousands of devices simply is not feasible.

That’s where user risk management can help.

What is User Risk Management?

At its most basic level, user risk management is a UEM capability that aggregates risky user behaviors. It logs malicious app installs, unsecured network connections, strange login locations, failed access attempts, unpatched or outdated operating systems and the like. From there, it assigns a user risk score based on defined parameters.

Not worried about login locations since your business thrives on remote work? Keep it out of the score. You only need to care about behaviors that have the most impact on your organization.

Once these scores are created, the system ranks users by which ones present the most imminent threat. That could be a malicious insider or an employee who clicks on every email link with reckless abandon.

After those threats are uncovered, actions can be taken, typically in the form of strong conditional access policies requiring tokens, biometrics or other factors to authenticate. In the case of the hypothetical malicious insider, though, access can be blocked outright while an investigation is conducted.

While user risk management lives within an organization’s UEM platform, its aim is to pull from data sources across the entire security stack. Security information and event management, identity-as-a-service and endpoint detection and response tools can have their logs consolidated within the user risk engine. This allows for a multi-dimensional picture of users as they go about their day interacting with corporate systems.

Is This Good for the User Experience?

Since user risk management is continuously evaluating the behavior of users on their devices, those users who are not presenting a risk to the business are not hindered by access obstacles like their riskier counterparts. Instead, employees who act responsibly can have as frictionless an experience as the UEM administrator chooses to provide. 

The other side of the coin with continuous evaluation is that security becomes adaptive. The ‘clean-nosed’ employees can quickly fall into the trap of clicking on a phishing link or downloading a banned app on their personal device, moving them from green to red. At that point, they go from minimal friction to immediate quarantine.

Conversely, the employee who was previously in the red can shift back to green, gaining back permissions and privileges that had been suspended.

This is a great way to administer a Zero Trust security model. While user risk management isn’t the one-size-fits-all method typically used in Zero Trust’s ‘never trust, always verify’ philosophy, it can contribute to that approach. By continuously monitoring, an organization is never turning a blind eye and fully relying on trust. Rather, it is constantly verifying that the user can be trusted until the time comes when the trust is broken.

With a wide-ranging user risk management system, you can ensure that highly risky users are dealt with swiftly. In many cases, organizations can automatically cut down on time spent resolving issues. This lets them move on more quickly to the investigation and retrospective stage of the threat response.

The post Loving the Algorithm: User Risk Management and Good Security Hygiene appeared first on Security Intelligence.


This post appeared first on Security Intelligence
Author: Ryan Schwartz