Skip to main content
Skyhigh Security

User Risk Attributes

A user's risk score is computed in part by calculating against a series of Risk Attributes. Each attribute is weighted individually. The aggregate score is used to determine the User Risk Score. User risk is evaluated in terms of the following categories, attributes, and values defined by Skyhigh CASB

Download Risk Attributes

The Download Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers the file download activities performed by a user in the last 100 days.

Category Attribute Description Possible Value
Download Patterns Percentage of files downloaded to unmanaged devices Percentage of files downloaded to unmanaged devices. 0-100
Download Patterns Percentage of files downloaded from untrusted IPs Percentage of files downloaded from non trusted IP's. 0-100
Download Patterns Percentage of files downloaded from Blacklisted entities Percentage of files downloaded from blacklisted entities. 0-100
Download Patterns Increase in files downloaded Increase in the number of files downloaded by the user compared to the user's file download history in the last 100 days. 0-100
Download Patterns Increase in files downloaded compared to other users Increase in the number of files downloaded by the user compared to other users in the tenant in the last 100 days. 0-100

Cloud Usage Risk Attributes

The Cloud Usage Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the cloud usage activities performed by a user.

Category Attribute  Description Possible Value
Cloud Usage Patterns Managed SaaS apps used by the user Number of managed SaaS applications used by the user. 0-100
Cloud Usage Patterns SaaS aaps used by the user compared to other users Number of SaaS applications used by the user compared to other users in the tenant. 0-100
Cloud Usage Patterns Number of devices (OS:UserAgent) Number of devices (OS:UserAgent) used by the user compared to the user's device history in the last 100 days. 0-100
Cloud Usage Patterns Number of devices (OS:UserAgent) compared to other users Number of devices (OS:UserAgent) used by the user compared to other users in the tenant in the last 100 days. 0-100
Cloud Usage Patterns Number of networks (Org names) Number of networks (Org Names) used by the user compared to the user's network history in the last 100 days. 0-100
Cloud Usage Patterns Number of networks (Org names) compared to other users Number of networks (Org Names) used by the user compared to others users in the tenant in the last 100 days. 0-100
Cloud Usage Patterns  Number of user's activities in a day Number of user's activities in a day compared to the user's activities in the last 100 days. 0-100
Cloud Usage Patterns Number of user's activities in a day compared to other user's Number of user's activities in a day compared to other users in the tenant in the last 100 days. 0-100

Threat Risk Attributes

The Threat Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the threats associated with a user in the last 100 days.

Category Attribute  Description Possible Value
Threat Patterns Increase in the number of user threats Increase in the number of user threats compared to the user's threat history in the last 100 days. 0-100
Threat Patterns Increase in the number of user threats compared to other users Increase in the number of user threats compared to other users in the tenant in the last 100 days. 0-100
Threat Patterns Increase in the number of user anomalies Increase in the number of user anomalies compared to the user's anomaly history in the last 100 days. 0-100
Threat Patterns Increase in the number of user anomalies compared to other users Increase in the number of user anomalies compared to other users in the tenant in the last 100 days. 0-100
Threat Patterns Increase in the number of high risk user anomalies Increase in the number of high-risk user anomalies compared to the user's high-risk anomaly history in the last 100 days.   0-100

Incident Risk Attributes

The Incident Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the incidents associated with a user in the last 100 days.

Category  Attribute Description Possible Value
Incident Patterns Increase in the number of malware incidents Increase in the number of malware incidents by the user compared to the user's malware incident history in the last 100 days. 0-100
Incident Patterns Increase in the number of malware incidents compared to other users Increase in the number of malware incidents by the user compared to other users in the tenant in the last 100 days. 0-100
Incident Patterns Increase in the number of DLP incidents Increase in the number of DLP incidents by the user compared to the user's DLP incident history in the last 100 days. 0-100
Incident Patterns Increase in the number of DLP incidents compared to other users Increase in the number of DLP incidents by the user compared to other users in the tenant in the last 100 days. 0-100
Incident Patterns Increase in the number of access control incidents Increase in the number of access control violations by the user compared to the user’s access control violation history in the last 100 days. 0-100
Incident Patterns Increase in the number of access control incidents compared to other users Increase in the number of access control violations by the user compared to other users in the tenant in the last 100 days. 0-100

Privilege Risk Attributes

The Privilege Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers only the activities performed by a privileged user in the last 100 days.

Category Attribute  Description Possible Value
Privilege Patterns Increase in the number of administrator activities Increase in the number of administrator activities by the user compared to the user's administrator activity history in the last 100 days. 0-100
Privilege Patterns Increase in the number of administrator activities compared to other admins Increase in the number of administrator activities by the user compared to other administrators in the tenant in the last 100 days. 0-100
Privilege Patterns Increase in the number of data access activities Increase in the number of data access activities by the user compared to the user's data access activity history in the last 100 days. 0-100
Privilege Patterns Increase in percentage of untrusted admin activities Increase in the percentage of non trusted administrator activities by the user compared to the user's non trusted administrator activity history in the last 100 days. 0-100
Privilege Patterns Increase in the number of admin anomalies Increase in the number of administrator anomalies by the user compared to the user's administrator anomaly history in the last 100 days. 0-100

Collaboration Risk Attributes

The Collaboration Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the collaboration activities performed by the user.

Category Attribute Description Possible Value
Collaboration Patterns Increase in the number of files shared with internal and external users Increase in the number of files shared (internally, externally) by the user compared to the user's file share history in the last 100 days. 0-100
Collaboration Patterns Increase in the number of files shared compared to other users Increase in the number of files shared by the user compared to other users in the tenant in the last 100 days. 0-100
Collaboration Patterns New cloud service used to share data for the first time New CSP (Cloud Service Provider) used to share data for the first time.  0-100

Access Risk Attributes

The Access Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers all the access activities performed by the user in the last 100 days, with location as the main factor.

Category Attribute Description Possible Value
Access Patterns Increase in the number of user's new locations Increase in the number of new locations (City, Country, Region) used by the user compared to the user's location history in the last 100 days. 0-100
Access Patterns Increase in the number of new locations compared to other users Increase in the number of new locations used by the user compared to other users in the tenant in the last 100 days. 0-100
Access Patterns Increase in the number of known bad locations Increase in the number of known bad locations used by the user such as Blacklisted/TOR/anonymous proxies compared to the user's bad location history in the last 100 days. 0-100
Access Patterns Increase in the number of known bad locations compared to other users Increase in the number of known bad locations used by the user compared to other users in the tenant in the last 100 days.  0-100

Login Risk Attributes

The Login Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers only the login activities performed by the user.

Category Attribute Description Possible Value
Login Patterns Login success as a percentage of total activities Percentage of successful logins compared to the total number of activities. 0-100
Login Patterns Days with successful logins (last 100 days) Percentage of days with successful logins in the last 100 days. 0-100
Login Patterns Increase in the number of failed logins Increase in the number of failed logins by the user compared to the the user's failed login history in the last 100 days. 0-100
Login Patterns Increase in the number of failed logins compared to other users Increase in the number of failed logins by the user compared to other users in the tenant in the last 100 days. 0-100

Upload Risk Attributes

The Upload Risk score is calculated based on the following categories, attributes and values defined by Skyhigh CASB. This score considers only the file upload activities performed by the user.

Category Attribute Description Possible Value
Upload Patterns Increase in files uploaded from trusted IPs Increase in the number of files uploaded by the user compared to the user's file upload history (from trusted IP's) in the last 100 days. 0-100
Upload Patterns Increase in files uploaded from untrusted IPs Increase in the number of files uploaded by the user compared to the user's file upload history (from non trusted IP's) in the last 100 days. 0-100
Upload Patterns Increase in files uploaded from blacklisted IPs Increase in the number of files uploaded by the user compared to the user's file upload history (from blacklisted IP's) in the last 100 days. 0-100
Upload Patterns Increase in files uploaded compared to other users Increase in the number of files uploaded by the user compared to other users in the tenant. 0-100
 
  • Was this article helpful?