
Skyhigh Security

Getting Started

Limited Availability: To access the Users page, contact Skyhigh Support.

The Users (Analytics > Users) page displays unique users who access Shadow and Sanctioned services, highlighting their associated risks within the organization. These risks include User Risk, Data Risk, Sanctioned Risk, and Shadow Risk.

The comprehensive view of unique users is retrieved from your organization’s Active Directory (AD), LDAP, or CSV file integration via the Cloud Connector.

Every user within the SSE platform can be configured with a unique identity for each Skyhigh product, ensuring security, proper access control, and accountability. Since different Skyhigh products can be configured with distinct identities, a single user's identity across the SSE platform may vary. By integrating the Cloud Connector with your organization's Active Directory, LDAP, or CSV file, you can identify unique users with multiple identities. These unique users are then displayed on the Users page.

Using the Users page, SOCs can perform a comprehensive user threat investigation or calculate multiple risk scores for a single user. 

Key Benefits
  • Unified activity monitoring. Unified access to all activities for a single user across Shadow and Sanctioned services using the user UID.
  • Unified threat protection. Anomalies and threats are detected based on user activities in Shadow and Sanctioned services.
  • Unified user risk score. The User Risk Score now includes activities from Shadow services, as well as data from approved SaaS applications.

NOTE:

  • Risks are calculated only if the user was active in the past 7 days.
  • Tokenization is not supported for Shadow services.

Prerequisites

Before accessing the Users page, make sure the following prerequisites are met:

  1. You must configure the latest Skyhigh Cloud Connector version to populate users on the Users page.
  2. If you have an existing Active Directory, LDAP, or CSV configuration, you must reconfigure it. To reconfigure it, contact Skyhigh Support.

View Unique Users

To view unique users, go to Analytics > Users. The User table displays the unique users based on the applied filters.

The hero stats display the following risks:

  • Total Users. Displays the total number of users based on the applied filters.
  • User Risk. Displays a comprehensive overview of risks, including Data Risk, Sanctioned Risk, and Shadow Risk. The Unified Risk Score is calculated using multiple data sources and includes:
    • Shadow user risk, in addition to existing Sanctioned risk parameters.
    • Shadow metrics in the Usage details view, alongside Sanctioned metrics.
    • Web DLP incidents are now factored into the overall user risk score.
  • Data Risk. Displays the overall risk score for all users in the table, based on sensitive activities triggered by DLP incidents such as uploading, sharing, or accessing data in the last 7 days.
  • Sanctioned Risk. Displays the risk score of all users in the table based on the usage of sanctioned SaaS services that took place in the last 7 days.
  • Shadow Risk. Displays the risk score of all users in the table based on their Shadow IT service activity and Web service usage over the last 7 days, derived from observed traffic and risk calculations.

The Users table provides the following information and actions:

  • Search. Search via the Omnibar.
  • Filters. Select options on the Filters tab to scope down your search.
    • User Risk. Categorizes the user's risk into High, Medium, Low, and N/A.
      • High. Select to display high-risk users in the Users table.
      • Medium. Select to display medium-risk users in the Users table.
      • Low. Select to display low-risk users in the Users table.
      • N/A. Displays N/A when required data is insufficient or not baselined, or when a user license is unavailable.
  • Actions. Click Actions to:
  • Severity. The values (Green for Low (1–3), Yellow for Medium (4–6), and Red for High (7–9)) indicate how much each user’s risk score exceeds the defined threshold.
  • Risk. Unified risk score. Skyhigh CASB calculates a default User Risk Score as an aggregate of data risk, Sanctioned SaaS risk, and Shadow SaaS risk. It uses Sanctioned and Shadow user activities, along with each user's security incidents, to rank users from 1 to 9 by risk severity.
    • Red. High.
    • Orange. Medium.
    • Yellow. Low.
  • User Name. Displays user name. Click a user in the table to display the Cloud Card.
  • Data Risk. Displays the risk score of an individual user based on sensitive activities triggered by DLP incidents such as uploading, sharing, or accessing data.
  • Sanctioned SaaS Risk. Displays the risk score of an individual user based on the usage of sanctioned SaaS services.
  • Shadow SaaS Risk. Displays the risk score of an individual user based on their Shadow IT service activity and Web service usage, derived from observed traffic and risk calculations.

Select any user from the User table to view the User Cloud Card, then click View Full User Details to view details of the selected user. For details about the User Risk Score, see User Risk Score.
