Customize the risk engines Skip Navigation
  1. BlackBerry Docs
  2. CylancePERSONA Mobile
  3. CylancePERSONA Mobile Administration Guide
  4. Steps to configure and use CylancePERSONA Mobile
  5. Customize the risk engines

Customize the risk engines

You can choose which risk engines you want
CylancePERSONA Mobile
 to use. For example, you can choose to turn off the identity risk engines (behavioral pattern, IP address, and continuous authentication app anomaly) and have
CylancePERSONA
 determine a user’s risk level and corresponding actions using defined geozones and learned geozones only.  If you disable a risk engine, the corresponding scoring and risk actions for all users are disabled, regardless of whether actions are configured for that risk engine in an individual policy. Enable the risk engines that meet your organization’s security standards.
You can customize the risk score ranges for behavioral risk and learned geozone risk. The default risk ranges are:
Risk level
Behavioral risk score (%)
Learned geozone risk range (upper limit of the distance from a learned geozone)
Low
0 - 40
150 yards
Medium
40 - 80
10 miles
High
80 - 100
> 10 miles
  1. In the
    Persona Analytics Portal
    , on the menu bar, click
    Settings > Risk engines.
  2. In the
    Identity risk
     section, enable or disable the
    Behavioral pattern risk
     engine. By default, the Behavioral pattern risk is enabled.
  3. If you want to change the behavioral risk score ranges, in the
    Behavioral pattern risk
     section, click and drag the sliders.
  4. Enable or disable the
    IP address
     risk engine. If IP address risk factors are enabled, you must configure trusted and untrusted IP addresses in Settings. Trusted IP addresses are automatically treated as low risk, and untrusted IP addresses are treated as critical risk. You can specify the risk levels that are applied for undefined and undetected IP addresses. By default, this risk engine is disabled.
  5. If you enabled IP address risk, in the drop-down lists, set the risk level that you want to apply to
    Undefined
     and
    Undetected
     IP addresses. By default, these IP addresses are treated as medium risk.
  6. Enable or disable the
    Continuous Authentication app anomaly
     risk engine. By default this risk engine is enabled.
  7. If Continuous Authentication app anomaly risk is enabled, in the
    Risk factor
     section, do the following:
    1. Move the slider under
      Setting
       to set the scoring threshold for when users' app usage should be treated as at risk.
    2. In the drop-down list under
      Risk level
      , specify the risk level that should be applied when users' app usage is considered at risk. You can select either Critical or High.
  8. In the
    Geozone risk
     section, enable or disable the
    Defined geozone
     and
    Learned geozone
     risk engines. By default, these risk engines are enabled.
  9. If you want to change the learned geozone risk ranges, in the
    Learned geozone risk engine
     section, specify the upper limit of the low-risk range and medium-risk range from learned locations.
  10. Click
    Save
    .