Skip Navigation

Architecture: 
BlackBerry Intelligent Security

This diagram shows the different components of the BlackBerry Intelligent Security solution
Component
Description
Managed devices
BlackBerry Enterprise Identity
 and 
BlackBerry Dynamics
 apps that use the 
BlackBerry Analytics SDK
 send usage data, events, and location data to the 
BlackBerry Intelligent Security
 services.
The 
BlackBerry Dynamics
 apps released by 
BlackBerry
 (
BlackBerry Work
BlackBerry Access
, and so on) include the BlackBerry Analytics SDK.
BlackBerry Intelligent Security
 services
The 
BlackBerry Intelligent Security
 services receive usage data, events, and geolocation data from 
BlackBerry Enterprise Identity
 and 
BlackBerry Dynamics
 apps. The services process this data and use machine learning to train and develop a risk model for each user. 
The services use this risk model to analyze new data that is received and to generate various risk scores for the user in real time, including a behavioral risk score, a continuous authentication risk score, and a geozone risk score. The services communicate the user's current risk scores and the corresponding risk actions that you configure to 
BlackBerry Dynamics
 apps, the 
BlackBerry Intelligent Security Analytics Portal
, and 
BlackBerry UEM
.
BlackBerry Work
 supports continuous authentication. If the 
BlackBerry Intelligent Security
 services receive behavioral data or app events from 
BlackBerry Work
 that do not fit the user's usage model, 
BlackBerry Intelligent Security
 triggers an authentication prompt. The user must successfully authenticate if they want to continue to use 
BlackBerry Work
.
BlackBerry Intelligent Security Analytics Portal
You use the web-based 
BlackBerry Intelligent Security Analytics Portal
 to manage the service, including:
  • Configuring and customizing the risk engines
  • Defining geozones to enforce security standards for specific locations
  • Creating and assigning 
    BlackBerry Intelligent Security
     policies that apply adaptive actions to users' devices based on each user's level of risk
  • Viewing user and event statistics
  • Identifying trends and potential security threats
The portal communicates with the 
BlackBerry Intelligent Security
 services and 
UEM
 to apply policies to devices.
BlackBerry UEM
 or 
BlackBerry UEM Cloud
You use the 
UEM
 management console to create and configure local user groups that define security standards and device behaviors for the different risk levels and defined geozones. When you create a policy in the portal, you associate each group with one or more of the behavioral risk levels, geozone risk levels, or defined geozones.
The 
BlackBerry Intelligent Security
 services communicate with 
UEM
 and direct it to apply risk actions (group assignments, temporary blocks of 
BlackBerry Dynamics
 apps) to users' devices.
BlackBerry Enterprise Identity
You can configure 
BlackBerry Enterprise Identity
 authentication policies that can change a user’s authentication requirements in different risk scenarios. You can factor the user’s behavioral risk level, geozone risk level, or a defined geozone into the risk factors in an authentication policy. If the user meets a certain risk level, the policy adapts the user’s authentication requirements accordingly.