How does BlackBerry Intelligent Security determine a user's behavioral risk level?

The BlackBerry Intelligent Security services calculate a user’s behavioral risk level by processing the following contextual and behavioral data from BlackBerry Enterprise Identity and BlackBerry Dynamics apps:
  • Geolocation (latitude/longitude)
  • Unique user identifiers
  • WAN IP
  • BlackBerry Dynamics app identifiers
  • Browser fingerprint (if using BlackBerry Enterprise Identity)
The majority of this data is provided by BlackBerry Dynamics apps.
The BlackBerry Intelligent Security services process this data and use machine learning to build a risk data model that characterizes a user’s typical behavior. The data model is dynamic and is based on the user’s last 30 days of activity. It can take some time to create a user’s initial data model (for example, several days) because the services require a sufficient amount of user activity to establish a reliable model. The services retain user data for 30 days only (you can change the data retention period).
The BlackBerry Intelligent Security services assess incoming data based on the existing model and determine whether current data is consistent with the user’s regular pattern of behavior and the behavior of similar device users in the organization (for example, for users in the same location). This assessment results in a risk level and corresponding risk actions for each user that are sent to UEM to execute.
The risk assessment can identify key security concerns, such as:
  • Whether the user’s current location is consistent with past behavior
  • Whether the user’s current location is possible based on the user’s last reported location
  • Whether and how often the device has accessed the current network
  • Whether the user’s app activity is consistent with past behavior 
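As an added illustration (not BlackBerry's code or algorithm), the following sketch shows how two of these checks, location feasibility and network familiarity, can be evaluated against a 30-day history. The event fields, the function names, the 900 km/h speed ceiling and the 1 km slack are all assumptions made for the example.

```python
import math
from datetime import datetime, timedelta

MAX_SPEED_KMH = 900.0          # assumed ceiling (roughly airliner cruise speed)
WINDOW = timedelta(days=30)    # the page's 30-day activity window

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def assess(history, event):
    """Compare one event with the user's events from the preceding 30 days."""
    recent = [e for e in history if timedelta(0) <= event["ts"] - e["ts"] <= WINDOW]
    findings = {"travel_possible": True, "network_seen": 0}
    if not recent:
        return findings  # no history in the window: nothing to compare against
    last = max(recent, key=lambda e: e["ts"])
    km = haversine_km(last["geo"], event["geo"])
    hours = (event["ts"] - last["ts"]).total_seconds() / 3600
    # Zero elapsed time with a real distance is also infeasible.
    findings["travel_possible"] = km <= MAX_SPEED_KMH * hours + 1.0  # 1 km GPS slack
    findings["network_seen"] = sum(e["wan_ip"] == event["wan_ip"] for e in recent)
    return findings

# Constructed sample events (documentation-range IPs, not real user data).
T0 = datetime(2024, 5, 1, 9, 0)
HISTORY = [
    {"ts": T0 - timedelta(days=40), "geo": (51.5074, -0.1278), "wan_ip": "198.51.100.7"},
    {"ts": T0 - timedelta(days=2), "geo": (43.4643, -80.5204), "wan_ip": "203.0.113.10"},
    {"ts": T0, "geo": (43.4643, -80.5204), "wan_ip": "203.0.113.10"},
]
SAME_OFFICE = {"ts": T0 + timedelta(hours=1), "geo": (43.4700, -80.5300), "wan_ip": "203.0.113.10"}
FAR_AWAY = {"ts": T0 + timedelta(hours=1), "geo": (35.6762, 139.6503), "wan_ip": "198.51.100.7"}

if __name__ == "__main__":
    for name, ev in (("same office", SAME_OFFICE), ("far away", FAR_AWAY)):
        print(name, assess(HISTORY, ev))
```

The 40-day-old event falls outside the window, so its WAN IP counts as unseen when it reappears in the second sample event.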
The services determine a user's risk level in real time as data is received. Geolocation data is given the most weight in the calculation of the risk level, followed by unique user identifier data, and then WAN IP and app identifier at equal weight. Browser fingerprint data is used as the app identifier for browser apps.
You can also enable a feature that allows users to reduce their behavioral risk level to low by completing a BlackBerry 2FA authentication prompt. This can help users avoid more restrictive group assignments when they engage in behaviors that do not fit their existing risk model (for example, the first time a user travels to a new office location or engages in different activities for a new role).