{"type":"doc","content":[{"type":"paragraph","content":[{"text":"As part of its risk management solution, EmpowerID includes a Risk Analytics microservice that you can host in Azure or IIS to help your organization move toward becoming a “Zero Trust, Zero Standing” environment. The microservice provides access to a Risk Analytics dashboard with real-time visibility to key security-related metrics. You gain insights into potentially risky conditions, such as the current number of orphan accounts within the organization or the top 10 people with high-risk functions. This data can be useful for measuring an organization’s current risk exposure and improving it through optimization workflows designed to move the organization to “Zero Standing.” Progress is visualized with timeline graphs.","type":"text"}]},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"easy-html-macro","parameters":{"macroParams":{"theme":{"value":"{\"label\":\"solarized_dark\",\"value\":\"solarized_dark\"}"},"contentByMode":{"value":"{\"html\":\"\\r\\n\\r\\n\\r\\n\\r\\n

By a Zero Standing environment, we mean an environment where privileged access is completely removed from users where such access is not warranted and converted from standing, always-available access to \\\"Just-In-Time\\\" \\r\\naccess when needed for job functions. Users with \\\"Just-In-Time\\\" access can enable their access in the IAM Shop. When enabled, they have access to the resource for a limited time as specified by the Access Request policy that controls access to it.

\\r\\n \\r\\n

Each organization determines what they consider to be risky for its environment and creates policies to score the risk appropriately. Scores are added to users based on these policies\\r\\n and used in the Risk Analytics dashboard to provide each organization with actionable risk information unique to their respective environments.

\\r\\n

\",\"javascript\":\"\",\"css\":\"\"}"},"__bodyContent":{"value":""}},"macroMetadata":{"macroId":{"value":"a7454ff7-674a-45aa-b68a-9cac3b0f6edb"},"schemaVersion":{"value":"1"},"placeholder":[{"type":"icon","data":{"url":"https://macrosuitev2.veniture.org/img/EasyHtml.svg"}}],"title":"Easy HTML (by MacroSuite)"}},"localId":"51abe7a3-3cbb-4f55-934d-76ec2a5553a0"}},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1305,"id":"7069b9c4-69bf-4e16-824b-b246b227ac66","collection":"contentId-2925199521","type":"file","height":952}}]},{"type":"paragraph"},{"type":"paragraph"},{"type":"heading","attrs":{"level":2},"content":[{"text":"About the Risk Analytics Dashboard","type":"text"}]},{"type":"paragraph","content":[{"text":"The Risk Analytics microservice delivers risk-associated information as a dashboard of widgets with high-level information with links to reports and optimization workflows. Areas of concern can be investigated further via in-depth reports and mitigated immediately through optimization workflows. Dashboard widgets include those below.","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Top of Mind","type":"text"}]},{"type":"paragraph","content":[{"text":"At the top of the dashboard, there is a ","type":"text"},{"text":"Top of Mind","type":"text","marks":[{"type":"strong"}]},{"text":" view containing buttons with risk-related statistics. The out-of-the-box statistics are shown below. Top Of Mind can be customized to show only stats important to the organization.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1361,"id":"3a5c49a3-4d89-451a-811b-30bbe881289c","collection":"contentId-2925199521","type":"file","height":389}}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"Users can click any of the buttons displayed in Top of Mind to view more detailed information about the statistic displayed on the button. For example, the ","type":"text"},{"text":"AD accounts password never expires","type":"text","marks":[{"type":"strong"}]},{"text":" button provides the total number of AD accounts in the organization with passwords that never expire. To view the details that make up the statistic, such as which AD accounts have passwords that never expire, users click the button. Doing so, opens the ","type":"text"},{"text":"AccountPasswordNeverExpires","type":"text","marks":[{"type":"strong"}]},{"text":" report in a new browser tab. From the report, administrators can navigate to each account and view more details about the account and initiate workflows against the account, such as changing the account password, removing it from groups, disabling it, and more. ","type":"text"},{"type":"hardBreak"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1263,"id":"0c0564e8-37ec-4752-bc8f-c5118643916d","collection":"contentId-2925199521","type":"file","height":802}},{"type":"caption","content":[{"text":"AD Accounts Password Never Expires","type":"text","marks":[{"type":"em"}]},{"text":" report that opens when clicking the ","type":"text"},{"text":"AD accounts never expires ","type":"text","marks":[{"type":"strong"}]},{"text":"button in the ","type":"text"},{"text":"Top of Mind","type":"text","marks":[{"type":"em"}]},{"text":" view","type":"text"}]}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":2},"content":[{"text":"Percent Optimized","type":"text"}]},{"type":"paragraph","content":[{"text":"Percent optimized displays charts with current optimization percentages for groups, Management Roles, and Azure Roles classified as high security. You can quickly what percentage of your high security group and role memberships have been converted from standing memberships to “Just-In-Time” memberships. This information is crucial for implementing a “Zero Trust, Zero Standing” environment. ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1322,"id":"6c2790da-b218-40aa-84ef-f6fbb180ab6d","collection":"contentId-2925199521","type":"file","height":383}},{"type":"caption","content":[{"text":"Percent Optimized view showing the percentages of high security groups, Management Role, and Azure Roles with memberships converted to Just-In-Time","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"type":"hardBreak"},{"type":"hardBreak"},{"text":"Timelines","type":"text"}]},{"type":"paragraph","content":[{"text":"The dashboard contains several timeline charts that display historical risk-related data viewable over a period of time. ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Progression Towards Just In Time Infrastructure","type":"text"}]},{"type":"paragraph","content":[{"text":"This chart provides a visual representation of the organization’s movement toward becoming a Zero Standing, Just-In-Time (JIT) environment. The chart provides plotted points corresponding to the number of High Risk Azure Roles, High Risk Management Roles, and High Risk Security Groups with members that have been converted to JIT.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1688,"id":"ef3c3b9c-8c7d-4c7f-8ac5-7a702b1576b3","collection":"contentId-2925199521","type":"file","height":887}}]},{"type":"paragraph"},{"type":"paragraph"},{"type":"heading","attrs":{"level":3},"content":[{"text":"Average Risk Scores and Sum of Total Risk Scores","type":"text"}]},{"type":"paragraph","content":[{"text":"These two charts provide a timeline of intersecting average risk scores and risk score sums per month, respectively. Hover the mouse over a specific point to view the scores for that timeframe. Each organization determines what they consider to be risky for its environment and creates policies to score the risk appropriately. This keeps risk scores from simply being arbitrary numbers. ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1603,"id":"83d9ae08-762a-41be-8372-e86d3022d464","collection":"contentId-2925199521","type":"file","height":564}}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1604,"id":"47a1225c-5e1b-4c42-80d6-995c2b9647e6","collection":"contentId-2925199521","type":"file","height":582}}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":2},"content":[{"text":"Stats","type":"text"}]},{"type":"paragraph","content":[{"text":"The Stats view contain cards of information for risk-related resources such as privileged identities, accounts, roles, and local computer admins. This gives administrators the view pertinent risk data surrounding these resources. Stats can be customized to display different cards.","type":"text"}]},{"type":"layoutSection","content":[{"type":"layoutColumn","attrs":{"width":33.33},"content":[{"type":"mediaSingle","attrs":{"layout":"center","width":66.0},"content":[{"type":"media","attrs":{"width":411,"id":"6b693456-bd34-49a1-aa2c-6cf96c4ef514","collection":"contentId-2925199521","type":"file","height":700}}]},{"type":"paragraph"},{"type":"mediaSingle","attrs":{"layout":"center","width":66.0},"content":[{"type":"media","attrs":{"width":411,"id":"cde210d9-fed5-477f-aabc-fb51d0bdbcd4","collection":"contentId-2925199521","type":"file","height":406}}]},{"type":"paragraph"}]},{"type":"layoutColumn","attrs":{"width":33.33},"content":[{"type":"mediaSingle","attrs":{"layout":"center","width":66.0},"content":[{"type":"media","attrs":{"width":386,"id":"6de111af-563b-4442-bd02-15f473806186","collection":"contentId-2925199521","type":"file","height":492}}]},{"type":"mediaSingle","attrs":{"layout":"center","width":66.0},"content":[{"type":"media","attrs":{"width":416,"id":"fac3f696-3efc-4e87-afe4-54039087ed2a","collection":"contentId-2925199521","type":"file","height":384}}]},{"type":"mediaSingle","attrs":{"layout":"center","width":66.0},"content":[{"type":"media","attrs":{"width":416,"id":"fa2a62e0-718e-41e3-abeb-74c70a995431","collection":"contentId-2925199521","type":"file","height":493}}]},{"type":"paragraph"}]},{"type":"layoutColumn","attrs":{"width":33.33},"content":[{"type":"mediaSingle","attrs":{"layout":"center","width":66.0},"content":[{"type":"media","attrs":{"width":389,"id":"b648851e-5fba-42a8-810f-e25d03316a8b","collection":"contentId-2925199521","type":"file","height":499}}]},{"type":"mediaSingle","attrs":{"layout":"center","width":66.0},"content":[{"type":"media","attrs":{"width":415,"id":"aa6d3d23-0c2a-43dd-9025-f0d4abe23d74","collection":"contentId-2925199521","type":"file","height":492}}]},{"type":"paragraph"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Top 10","type":"text"}]},{"type":"paragraph","content":[{"text":"The Top 10 view provides insights into the riskiest people, groups, and roles in your organization. ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"People By # Of High Risk Functions","type":"text"}]},{"type":"paragraph","content":[{"text":"This lists the top 10 people by risk score who have the ability to perform high risk functions, ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":33.0},"content":[{"type":"media","attrs":{"width":623,"id":"1a72046f-bb7b-470c-9687-3691cb6d6af7","collection":"contentId-2925199521","type":"file","height":939}}]},{"type":"paragraph","content":[{"text":"To see more details about the risky functions for a given person, click the entry for that person. This opens the view page for that person in another browser tab. From that page, you can view a functional access report showing the functions the person can perform and the risk level associated with each. ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1362,"id":"9679526e-4763-4d37-9485-28b959a76881","collection":"contentId-2925199521","type":"file","height":833}}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":3},"content":[{"text":"People By # Of High Risk Memberships","type":"text"}]},{"type":"paragraph","content":[{"text":"This lists the top 10 people who have memberships in roles or groups that grant members access to high-risk information or functional access.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start"},"content":[{"type":"media","attrs":{"width":630,"id":"62eb06d3-38c5-494c-962e-78ce4c918879","collection":"contentId-2925199521","type":"file","height":960}}]},{"type":"paragraph","content":[{"text":"To see more details about the high-risk memberships for a given person, click the entry for that person. This opens the view page for that person in another browser tab. From that page, you can view the membership access the person has to groups and roles. ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1353,"id":"5b7d468e-348c-48ba-a18e-cbc42598acbe","collection":"contentId-2925199521","type":"file","height":869}}]},{"type":"paragraph","content":[{"text":"To optimize the risk for a given person, click the ","type":"text"},{"text":"Optimize Risk","type":"text","marks":[{"type":"strong"}]},{"text":" button. Doing so opens another browser tab and initiates the ","type":"text"},{"text":"OptimizeLeastPrivForPeople","type":"text","marks":[{"type":"strong"}]},{"text":" workflow. From there, search for the person you want to optimize and follow the workflow prompts to remove access as needed. ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1340,"id":"02d048d0-f2e2-439f-9152-b6b286d317c5","collection":"contentId-2925199521","type":"file","height":577}}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":3},"content":[{"text":"Top Risky Assignees by # of Members","type":"text"}]},{"type":"paragraph","content":[{"text":"This lists the top 10 risky groups and roles by the number of people belonging to those objects. While the list is scored by the number of members, each group or role in the list is considered risky based on its risk score.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start"},"content":[{"type":"media","attrs":{"width":626,"id":"3dc0be4e-b74f-455f-abe3-414dfb94ebeb","collection":"contentId-2925199521","type":"file","height":910}}]},{"type":"paragraph","content":[{"text":"To see more details about the high-risk memberships for a given person, click the entry for that person. This opens the view page for that person in another browser tab. From that page, you can view the membership access the person has to groups and roles. ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1335,"id":"830d94ad-6c92-4114-ad49-e468a5cba367","collection":"contentId-2925199521","type":"file","height":849}}]},{"type":"paragraph"},{"type":"heading","attrs":{"level":3},"content":[{"text":"People by # of Risk Violations","type":"text"}]},{"type":"paragraph","content":[{"text":"This lists the top 10 people within the organization by current number of violations to your risk policies. ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start"},"content":[{"type":"media","attrs":{"width":627,"id":"7244e738-e2b0-47c5-ac4f-2af80e60890a","collection":"contentId-2925199521","type":"file","height":934}}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"To see more details about the risk violations for a given person, click the entry for that person. This opens the view page for that person in another browser tab. From that page, you can view current risk violations, mitigation status, violation history, recertification items, and more. ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":66.0},"content":[{"type":"media","attrs":{"width":1358,"id":"524890da-747e-4cad-a55e-9643d3c24bc2","collection":"contentId-2925199521","type":"file","height":849}}]},{"type":"paragraph","content":[{"type":"inlineExtension","attrs":{"extensionType":"com.atlassian.confluence.macro.core","extensionKey":"excerpt-include","parameters":{"macroParams":{"":{"value":"IL:External Stylesheet"},"nopanel":{"value":"true"}},"macroMetadata":{"macroId":{"value":"8300257e-4d06-403c-83cc-0eef7c30bcc4"},"schemaVersion":{"value":"1"},"title":"Excerpt Include"}},"localId":"0ac236f1-0bdb-469b-bd45-d4af20aafcdf"}}]}],"version":1}

Browser not supported