Greater Visibility of Risks Within Your Organization
A Risk Score is a number that helps you assess risk within your company. This score helps detect which users and behaviors are likely to cause a security breach.
Think of this as a curated version of your SEIM System. Instead of a data lake filled with unrelated, uninformative events, risk scoring gives you a tailored list of key security risks categorized by behavior, and individual.
There are two types of Risk Scores in ActivTrak: User Risk Scores and Alarm Risk Scores.
Alarm Risk Scores
An Alarm Risk Score tells you how often risky activity is happening across your network. Alarm Risk Scores are calculated by taking assigned risk points and multiplying that amount by the number of times the alarm is triggered.
Say you assigned 2 risk points to an activity alarm titled File Access Alarm. If the Alarm triggers ten times, then the Total Alarm Risk Score for the File Access Alarm would be 20 points.
User Risk Scores
User Risk Scores help you understand which users within your organization are behaving riskier than others. A User Risk Score is largely determined by two factors: Risk Points and maximum Activity Log records for a single user.
The score is defined by total risk points of a user divided by the maximum activity log records for the most active single user in your account.
For example, if your most active user has 1,000 log records and they have accumulated a total of 30 risk points through tripping 3-4 different alarms. Their total User Risk Score would be 0.03.