Risk Analytics Microservice

Owned by Phillip Hanegan
Feb 07, 2023
6 min read

As part of its risk management solution, EmpowerID includes a Risk Analytics microservice that you can host in Azure or IIS to help your organization move toward becoming a “Zero Trust, Zero Standing” environment. The microservice provides access to a Risk Analytics dashboard with real-time visibility to key security-related metrics. You gain insights into potentially risky conditions, such as the current number of orphan accounts within the organization or the top 10 people with high-risk functions. This data can be useful for measuring an organization’s current risk exposure and improving it through optimization workflows designed to move the organization to “Zero Standing.” Progress is visualized with timeline graphs.

 

 

About the Risk Analytics Dashboard

The Risk Analytics microservice delivers risk-associated information as a dashboard of widgets with high-level information with links to reports and optimization workflows. Areas of concern can be investigated further via in-depth reports and mitigated immediately through optimization workflows. Dashboard widgets include those below.

Top of Mind

At the top of the dashboard, there is a Top of Mind view containing buttons with risk-related statistics. The out-of-the-box statistics are shown below. Top Of Mind can be customized to show only stats important to the organization.

 

Users can click any of the buttons displayed in Top of Mind to view more detailed information about the statistic displayed on the button. For example, the AD accounts password never expires button provides the total number of AD accounts in the organization with passwords that never expire. To view the details that make up the statistic, such as which AD accounts have passwords that never expire, users click the button. Doing so, opens the AccountPasswordNeverExpires report in a new browser tab. From the report, administrators can navigate to each account and view more details about the account and initiate workflows against the account, such as changing the account password, removing it from groups, disabling it, and more.

 

Percent Optimized

Percent optimized displays charts with current optimization percentages for groups, Management Roles, and Azure Roles classified as high security. You can quickly what percentage of your high security group and role memberships have been converted from standing memberships to “Just-In-Time” memberships. This information is crucial for implementing a “Zero Trust, Zero Standing” environment.



Timelines

The dashboard contains several timeline charts that display historical risk-related data viewable over a period of time.

Progression Towards Just In Time Infrastructure

This chart provides a visual representation of the organization’s movement toward becoming a Zero Standing, Just-In-Time (JIT) environment. The chart provides plotted points corresponding to the number of High Risk Azure Roles, High Risk Management Roles, and High Risk Security Groups with members that have been converted to JIT.

 

 

Average Risk Scores and Sum of Total Risk Scores

These two charts provide a timeline of intersecting average risk scores and risk score sums per month, respectively. Hover the mouse over a specific point to view the scores for that timeframe. Each organization determines what they consider to be risky for its environment and creates policies to score the risk appropriately. This keeps risk scores from simply being arbitrary numbers.

 

Stats

The Stats view contain cards of information for risk-related resources such as privileged identities, accounts, roles, and local computer admins. This gives administrators the view pertinent risk data surrounding these resources. Stats can be customized to display different cards.

 

 

 

 

Top 10

The Top 10 view provides insights into the riskiest people, groups, and roles in your organization.

People By # Of High Risk Functions

This lists the top 10 people by risk score who have the ability to perform high risk functions,

To see more details about the risky functions for a given person, click the entry for that person. This opens the view page for that person in another browser tab. From that page, you can view a functional access report showing the functions the person can perform and the risk level associated with each.

 

People By # Of High Risk Memberships

This lists the top 10 people who have memberships in roles or groups that grant members access to high-risk information or functional access.

To see more details about the high-risk memberships for a given person, click the entry for that person. This opens the view page for that person in another browser tab. From that page, you can view the membership access the person has to groups and roles.

To optimize the risk for a given person, click the Optimize Risk button. Doing so opens another browser tab and initiates the OptimizeLeastPrivForPeople workflow. From there, search for the person you want to optimize and follow the workflow prompts to remove access as needed.

 

Top Risky Assignees by # of Members

This lists the top 10 risky groups and roles by the number of people belonging to those objects. While the list is scored by the number of members, each group or role in the list is considered risky based on its risk score.

To see more details about the high-risk memberships for a given person, click the entry for that person. This opens the view page for that person in another browser tab. From that page, you can view the membership access the person has to groups and roles.

 

People by # of Risk Violations

This lists the top 10 people within the organization by current number of violations to your risk policies.

 

To see more details about the risk violations for a given person, click the entry for that person. This opens the view page for that person in another browser tab. From that page, you can view current risk violations, mitigation status, violation history, recertification items, and more.