User Risk Attributes
A user's risk score is computed in part by calculating against a series of Risk Attributes. Each attribute is weighted individually. The aggregate score is used to determine the User Risk Score. User risk is evaluated in terms of the following categories, attributes, and values defined by Skyhigh CASB.
Download Risk Attributes
The Download Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers the file download activities performed by a user in the last 100 days.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Download Patterns | Percentage of files downloaded to unmanaged devices | Percentage of files downloaded to unmanaged devices. | 0-100 |
| Download Patterns | Percentage of files downloaded from untrusted IPs | Percentage of files downloaded from non trusted IP's. | 0-100 |
| Download Patterns | Percentage of files downloaded from Blacklisted entities | Percentage of files downloaded from blacklisted entities. | 0-100 |
| Download Patterns | Increase in files downloaded | Increase in the number of files downloaded by the user compared to the user's file download history in the last 100 days. | 0-100 |
| Download Patterns | Increase in files downloaded compared to other users | Increase in the number of files downloaded by the user compared to other users in the tenant in the last 100 days. | 0-100 |
Cloud Usage Risk Attributes
The Cloud Usage Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the cloud usage activities performed by a user.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Cloud Usage Patterns | Managed SaaS apps used by the user | Number of managed SaaS applications used by the user. | 0-100 |
| Cloud Usage Patterns | SaaS aaps used by the user compared to other users | Number of SaaS applications used by the user compared to other users in the tenant. | 0-100 |
| Cloud Usage Patterns | Number of devices (OS:UserAgent) | Number of devices (OS:UserAgent) used by the user compared to the user's device history in the last 100 days. | 0-100 |
| Cloud Usage Patterns | Number of devices (OS:UserAgent) compared to other users | Number of devices (OS:UserAgent) used by the user compared to other users in the tenant in the last 100 days. | 0-100 |
| Cloud Usage Patterns | Number of networks (Org names) | Number of networks (Org Names) used by the user compared to the user's network history in the last 100 days. | 0-100 |
| Cloud Usage Patterns | Number of networks (Org names) compared to other users | Number of networks (Org Names) used by the user compared to others users in the tenant in the last 100 days. | 0-100 |
| Cloud Usage Patterns | Number of user's activities in a day | Number of user's activities in a day compared to the user's activities in the last 100 days. | 0-100 |
| Cloud Usage Patterns | Number of user's activities in a day compared to other user's | Number of user's activities in a day compared to other users in the tenant in the last 100 days. | 0-100 |
Threat Risk Attributes
The Threat Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the threats associated with a user in the last 100 days.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Threat Patterns | Increase in the number of user threats | Increase in the number of user threats compared to the user's threat history in the last 100 days. | 0-100 |
| Threat Patterns | Increase in the number of user threats compared to other users | Increase in the number of user threats compared to other users in the tenant in the last 100 days. | 0-100 |
| Threat Patterns | Increase in the number of user anomalies | Increase in the number of user anomalies compared to the user's anomaly history in the last 100 days. | 0-100 |
| Threat Patterns | Increase in the number of user anomalies compared to other users | Increase in the number of user anomalies compared to other users in the tenant in the last 100 days. | 0-100 |
| Threat Patterns | Increase in the number of high risk user anomalies | Increase in the number of high-risk user anomalies compared to the user's high-risk anomaly history in the last 100 days. | 0-100 |
Incident Risk Attributes
The Incident Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the incidents associated with a user in the last 100 days.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Incident Patterns | Increase in the number of malware incidents | Increase in the number of malware incidents by the user compared to the user's malware incident history in the last 100 days. | 0-100 |
| Incident Patterns | Increase in the number of malware incidents compared to other users | Increase in the number of malware incidents by the user compared to other users in the tenant in the last 100 days. | 0-100 |
| Incident Patterns | Increase in the number of DLP incidents | Increase in the number of DLP incidents by the user compared to the user's DLP incident history in the last 100 days. | 0-100 |
| Incident Patterns | Increase in the number of DLP incidents compared to other users | Increase in the number of DLP incidents by the user compared to other users in the tenant in the last 100 days. | 0-100 |
| Incident Patterns | Increase in the number of access control incidents | Increase in the number of access control violations by the user compared to the user’s access control violation history in the last 100 days. | 0-100 |
| Incident Patterns | Increase in the number of access control incidents compared to other users | Increase in the number of access control violations by the user compared to other users in the tenant in the last 100 days. | 0-100 |
Privilege Risk Attributes
The Privilege Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers only the activities performed by a privileged user in the last 100 days.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Privilege Patterns | Increase in the number of administrator activities | Increase in the number of administrator activities by the user compared to the user's administrator activity history in the last 100 days. | 0-100 |
| Privilege Patterns | Increase in the number of administrator activities compared to other admins | Increase in the number of administrator activities by the user compared to other administrators in the tenant in the last 100 days. | 0-100 |
| Privilege Patterns | Increase in the number of data access activities | Increase in the number of data access activities by the user compared to the user's data access activity history in the last 100 days. | 0-100 |
| Privilege Patterns | Increase in percentage of untrusted admin activities | Increase in the percentage of non trusted administrator activities by the user compared to the user's non trusted administrator activity history in the last 100 days. | 0-100 |
| Privilege Patterns | Increase in the number of admin anomalies | Increase in the number of administrator anomalies by the user compared to the user's administrator anomaly history in the last 100 days. | 0-100 |
Collaboration Risk Attributes
The Collaboration Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the collaboration activities performed by the user.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Collaboration Patterns | Increase in the number of files shared with internal and external users | Increase in the number of files shared (internally, externally) by the user compared to the user's file share history in the last 100 days. | 0-100 |
| Collaboration Patterns | Increase in the number of files shared compared to other users | Increase in the number of files shared by the user compared to other users in the tenant in the last 100 days. | 0-100 |
| Collaboration Patterns | New cloud service used to share data for the first time | New CSP (Cloud Service Provider) used to share data for the first time. | 0-100 |
Access Risk Attributes
The Access Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the access activities performed by the user in the last 100 days, with location as the main factor.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Access Patterns | Increase in the number of user's new locations | Increase in the number of new locations (City, Country, Region) used by the user compared to the user's location history in the last 100 days. | 0-100 |
| Access Patterns | Increase in the number of new locations compared to other users | Increase in the number of new locations used by the user compared to other users in the tenant in the last 100 days. | 0-100 |
| Access Patterns | Increase in the number of known bad locations | Increase in the number of known bad locations used by the user such as Blacklisted/TOR/anonymous proxies compared to the user's bad location history in the last 100 days. | 0-100 |
| Access Patterns | Increase in the number of known bad locations compared to other users | Increase in the number of known bad locations used by the user compared to other users in the tenant in the last 100 days. | 0-100 |
Login Risk Attributes
The Login Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers only the login activities performed by the user.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Login Patterns | Login success as a percentage of total activities | Percentage of successful logins compared to the total number of activities. | 0-100 |
| Login Patterns | Days with successful logins (last 100 days) | Percentage of days with successful logins in the last 100 days. | 0-100 |
| Login Patterns | Increase in the number of failed logins | Increase in the number of failed logins by the user compared to the the user's failed login history in the last 100 days. | 0-100 |
| Login Patterns | Increase in the number of failed logins compared to other users | Increase in the number of failed logins by the user compared to other users in the tenant in the last 100 days. | 0-100 |
Upload Risk Attributes
The Upload Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers only the file upload activities performed by the user.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Upload Patterns | Increase in files uploaded from trusted IPs | Increase in the number of files uploaded by the user compared to the user's file upload history (from trusted IP's) in the last 100 days. | 0-100 |
| Upload Patterns | Increase in files uploaded from untrusted IPs | Increase in the number of files uploaded by the user compared to the user's file upload history (from non trusted IP's) in the last 100 days. | 0-100 |
| Upload Patterns | Increase in files uploaded from blacklisted IPs | Increase in the number of files uploaded by the user compared to the user's file upload history (from blacklisted IP's) in the last 100 days. | 0-100 |
| Upload Patterns | Increase in files uploaded compared to other users | Increase in the number of files uploaded by the user compared to other users in the tenant. | 0-100 |