Customize the risk engines Skip Navigation

Customize the risk engines

You can choose which risk engines you want
CylancePERSONA Mobile
to use. For example, you can choose to turn off the identity risk engines (behavioral pattern, IP address, and continuous authentication app anomaly) and have
determine a user’s risk level and corresponding actions using defined geozones and learned geozones only.  If you disable a risk engine, the corresponding scoring and risk actions for all users are disabled, regardless of whether actions are configured for that risk engine in an individual policy. Enable the risk engines that meet your organization’s security standards.
You can customize the risk score ranges for behavioral risk and learned geozone risk. The default risk ranges are:
Risk level
Behavioral risk score (%)
Learned geozone risk range (upper limit of the distance from a learned geozone)
0 - 40
150 yards
40 - 80
10 miles
80 - 100
> 10 miles
  1. In the
    Persona Analytics Portal
    , on the menu bar, click
    Settings > Risk engines.
  2. In the
    Identity risk
    section, enable or disable the
    Behavioral pattern risk
    engine. By default, the Behavioral pattern risk is enabled.
  3. If you want to change the behavioral risk score ranges, in the
    Behavioral pattern risk
    section, click and drag the sliders.
  4. Enable or disable the
    IP address
    risk engine. If IP address risk factors are enabled, you must configure trusted and untrusted IP addresses in Settings. Trusted IP addresses are automatically treated as low risk, and untrusted IP addresses are treated as critical risk. You can specify the risk levels that are applied for undefined and undetected IP addresses. By default, this risk engine is disabled.
  5. If you enabled IP address risk, in the drop-down lists, set the risk level that you want to apply to
    IP addresses. By default, these IP addresses are treated as medium risk.
  6. Enable or disable the
    Continuous Authentication app anomaly
    risk engine. By default this risk engine is enabled.
  7. If Continuous Authentication app anomaly risk is enabled, in the
    Risk factor
    section, do the following:
    1. Move the slider under
      to set the scoring threshold for when users' app usage should be treated as at risk.
    2. In the drop-down list under
      Risk level
      , specify the risk level that should be applied when users' app usage is considered at risk. You can select either Critical or High.
  8. In the
    Geozone risk
    section, enable or disable the
    Defined geozone
    Learned geozone
    risk engines. By default, these risk engines are enabled.
  9. If you want to change the learned geozone risk ranges, in the
    Learned geozone risk engine
    section, specify the upper limit of the low-risk range and medium-risk range from learned locations.
  10. Click