Customize the risk engines
You can choose which risk engines you want CylancePERSONA Mobile to use. For example, you can choose to turn off the identity risk engines (behavioral pattern, IP address, and continuous authentication app anomaly) and have CylancePERSONA determine a user’s risk level and corresponding actions using defined geozones and learned geozones only. If you disable a risk engine, the corresponding scoring and risk actions for all users are disabled, regardless of whether actions are configured for that risk engine in an individual policy. Enable the risk engines that meet your organization’s security standards.
You can customize the risk score ranges for behavioral risk and learned geozone risk. The default risk ranges are:
Behavioral risk score (%): 0 - 40, 40 - 80, 80 - 100
Learned geozone risk range (upper limit of the distance from a learned geozone): > 10 miles
- In the Persona Analytics Portal, on the menu bar, click Settings > Risk engines.
- In the Identity risk section, enable or disable the Behavioral pattern risk engine. By default, the Behavioral pattern risk is enabled.
- If you want to change the behavioral risk score ranges, in the Behavioral pattern risk section, click and drag the sliders.
- Enable or disable the IP address risk engine. If IP address risk factors are enabled, you must configure trusted and untrusted IP addresses in Settings. Trusted IP addresses are automatically treated as low risk, and untrusted IP addresses are treated as critical risk. You can specify the risk levels that are applied for undefined and undetected IP addresses. By default, this risk engine is disabled.
- If you enabled IP address risk, in the drop-down lists, set the risk level that you want to apply to Undefined and Undetected IP addresses. By default, these IP addresses are treated as medium risk.
- Enable or disable the Continuous Authentication app anomaly risk engine. By default, this risk engine is enabled.
- If Continuous Authentication app anomaly risk is enabled, in the Risk factor section, do the following:
  - Move the slider under Setting to set the scoring threshold for when users' app usage should be treated as at risk.
  - In the drop-down list under Risk level, specify the risk level that should be applied when users' app usage is considered at risk. You can select either Critical or High.
- In the Geozone risk section, enable or disable the Defined geozone and Learned geozone risk engines. By default, these risk engines are enabled.
- If you want to change the learned geozone risk ranges, in the Learned geozone risk engine section, specify the upper limit of the low-risk range and medium-risk range from learned locations.