Last year, we introduced Risk Analytics in Workspace ONE Intelligence. Risk Analytics leverages machine learning models to calculate user and device risk scores based on user activity and device context. We’ve recently added CVE-based indicators, and now we are introducing Login Risk Score, a metric that shows how risky a login attempt is from a user trying to access a digital corporate asset. We mentioned this in our recent blog post about FIDO2 support, but today we’ll go deeper, specifically on Login Risk Score and how it works.
Why Risk Analytics?
It goes without saying, but securing the enterprise’s digital assets is top of mind for nearly every IT professional. As organizations are on a journey to enable their employees to work from anywhere, they must deal with a growing number of devices, as well as a growing number of locations from which employees access the corporate network. With this growth, IT is under scrutiny to figure out the right solution to keep the enterprise secure while providing employees with the flexibility they need.
Just in the past year, while organizations have been strategizing on the future of work and worrying about their employees’ health and safety, cybercriminals have been taking advantage of the situation. In 2020 the world observed a spike in cybersecurity events, including malicious email messages, ransomware and phishing attacks.
How Workspace ONE Intelligence Login Risk Score works
Login Risk Score uses machine learning models to analyze past user login patterns and determine if a login attempt is anomalous. For example, if a user tends to always log in from the same city or area, our algorithm learns that behavior, and it can also adjust to a long-term change in user activity. This is crucial because while an employee’s home location might be Palo Alto one month, the next it may be Atlanta, and they shouldn’t be considered risky after they’ve established a consistent login pattern in Atlanta.
The Login Risk Score is simple to read and follows the same naming conventions as our User Risk model, in that an attempt is given a Low, Medium or High score. This score can then be used in dashboards in Workspace ONE Intelligence. Other products can also consume these scores. For example, Workspace ONE Access can use them for conditional access policies, where a Login Risk Score can be used to trigger step-up authentication or even full denial of access.
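To make the Palo Alto to Atlanta scenario and the score-driven policy concrete, here is an added sketch that is not VMware's model or code: it replaces the machine learning model with an exponentially decayed count of logins per city, so old habits fade as a new pattern is established. The class and function names, the decay factor, the thresholds, the cold-start choice and the score-to-action mapping are all assumptions made for illustration.

```python
# Added illustration; not the Workspace ONE model. The decay factor, the
# thresholds and the score-to-action mapping are assumed demo values.
ACTIONS = {"Low": "allow", "Medium": "step-up", "High": "deny"}


class LoginLocationModel:
    """Per-user history: exponentially decayed login weight per city."""

    def __init__(self, decay=0.9, low_share=0.30, medium_share=0.05):
        self.decay = decay                # how fast old logins lose weight
        self.low_share = low_share        # share of history needed for Low
        self.medium_share = medium_share  # share of history needed for Medium
        self.weights = {}

    def score(self, city):
        total = sum(self.weights.values())
        if total == 0:
            return "Medium"  # no history yet: assumed cold-start choice
        share = self.weights.get(city, 0.0) / total
        if share >= self.low_share:
            return "Low"
        if share >= self.medium_share:
            return "Medium"
        return "High"

    def observe(self, city):
        # Age every known city, then credit the city just seen.
        for known in self.weights:
            self.weights[known] *= self.decay
        self.weights[city] = self.weights.get(city, 0.0) + 1.0


def replay(model, cities):
    """Score each login against prior history, then learn from it."""
    scores = []
    for city in cities:
        scores.append(model.score(city))
        model.observe(city)
    return scores


def demo():
    model = LoginLocationModel()
    replay(model, ["Palo Alto"] * 30)        # constructed month of history
    return replay(model, ["Atlanta"] * 30)   # the user relocates


if __name__ == "__main__":
    for n, s in enumerate(demo()[:6], 1):
        print(f"Atlanta login {n}: {s} -> {ACTIONS[s]}")
```

With these assumed parameters, the first Atlanta login is scored High, the next few Medium, and from the fifth onward Low, which mirrors the adaptation described above.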