Configuring Risk

By understanding risk, you can highlight the identified weaknesses and prioritize actions according to the potential impact of a security breach.

Risk configuration can be used for the following purposes:

  • Prioritize incident results by focusing first on the higher-risk incidents

  • Find the highest-risk cloud service accounts or cloud identities and reduce the organizational risk

The Delinea Platform assesses account access scope, ongoing attacks, and inherent vulnerabilities in each account's security to provide a comprehensive understanding of risk.

Risk Types

The platform presents scores for the following types of cloud service user risk:

  • Overall risk: Total risk score, combining the blast radius and takeover risk.

  • Blast radius risk: The risk of potential damage based on how much access each cloud service account or cloud identity has. Blast radius risk incorporates account administrative access, shadow admin privileges, privileged access, and non-privileged access.

  • Account takeover risk: The risk of a cloud service account being taken over. Account takeover risk is calculated based on relevant platform detection rules (from the detection, account takeover, and stale access categories). The risk reflects either a weakness of the account (for example, lacking MFA) or an actual attack detected on the account (for example, a brute force attack).

To view risk scores:

From the left navigation, select Inventory, then Identities.

You can see risk scores for each cloud service user on the Identities inventory tab. You might need to enable the display of these columns. For more information about this tab, see Identities.

When you click a cloud service user, the user's risk scores are displayed on the single entity page, on both the Overview tab (summarized) and the Accounts tab (detailed).

On the Accounts tab, when you hover over the overall risk, you can see why the risk score was assigned.

Configuring Risk

Risk scores are determined by underlying risk factors. You can customize the importance and relevance (weight) of these risk factors so that the risk scores presented reflect your specific needs.

Blast radius risk is determined by the importance assigned to each access factor.

Account takeover risk is determined by the findings of each detection rule and the importance assigned to each rule. The detection rules shown are those in the Detection, Account takeover, and Stale access groups.

To configure risk:

  1. In the left navigation, select Settings > Risk Configuration.

  2. The Blast Radius tab shows the risk factors that make up the blast radius score. To see the definition of a risk factor, click its tooltip. To set levels for account takeover risk, select the Account Takeover tab.

  3. Click an importance level for a factor. To ignore the risk factor entirely, toggle it to be inactive.

    If a detection rule was disabled or deleted through the Detection Rules page, it is still shown in the Account Takeover tab, but it will not be relevant to the score, regardless of the weight you select.

  4. Repeat for other risk factors.

Changes are saved automatically. The risk score calculation will reflect the updated weighting within four hours.