McAfee MVISION Cloud

User and Device Risk Management

User and device risk is evaluated on aspects such as allowing anonymous access, multifactor authentication, single sign-on methods, enterprise identity authentication, and device pinning. You can set weights for the authentication and security attributes across the enterprise.

How is User Risk Score Computed?

The concept of “High Risk User” is applied throughout the product. User risk level is computed daily on a scale of 1–9 (9 implying highest risk). It is calculated using multiple data points representing user behavioral aspects such as usage patterns, risk of services used, or total data movement. User risk scores are computed using the entire usage history that MVISION Cloud has for the user. Risk ratings become more predictable as MVISION Cloud sees more usage data from the user, and might not be accurate for new users.

Individual usage is then indexed against an average user to compute a composite risk score. Risk scores are not dependent on time windows, nor are they sensitive to short bursts of activity in a small time window.

Because a user’s risk is based on their activity for the entire time they are monitored by MVISION Cloud, it is not possible to use this score to determine how risky a user is during a specific time period.

User/Device Risk Attributes

The User/Device Risk score is calculated from the following categories, attributes, and values defined by MVISION Cloud.

| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Questionable Features | Anonymous Use | Does the cloud service provider allow for anonymous access to the service? | 10 - No; 50 - Not publicly known; 80 - Yes |
| Authentication | Multifactor Authentication | Does the service provider support multifactor authentication for users accessing the service? | 10 - Yes; 50 - Not publicly known; 80 - No |
| Authentication | Identity Federation Method | What single sign-on methods does the cloud service provider support? | 10 - SAML (Does CSP use SAML open standard for exchanging authentication and authorization data?); 10 - SAML & OAUTH (Does CSP use both SAML & OAuth open standard for exchanging authentication and authorization data?); 30 - OAUTH (Does CSP use OAUTH open standard for exchanging authentication and authorization data?); 50 - Others (Does CSP use any of SSO, OpenID or LDAP for exchanging authentication and authorization data?); 60 - Unknown; 80 - None |
| Authentication | Enterprise Identity | Does the cloud service provider support integration with enterprise directories or authentication providers? | 10 - Yes; 30 - Not publicly known; 80 - No |
| Security | Device Pinning | Does the cloud service provider support a method to identify unique devices connecting and accessing the service? | 10 - Yes; 30 - Not publicly known; 60 - No |

 
