2.1 Configuring a Risk Policy

A risk policy includes one or more risk rules. Risk Service uses a risk policy to evaluate the risk based on the rules assigned to that policy. A rule contains a condition for which you want to evaluate the risk associated with each login attempt.

Before configuring a risk policy, determine the following details:
  • The web application or network you want to secure.

  • The parameters you want to assess during a login attempt.

  • (Advanced setting) The risk score for each parameter.

  • Whether you want to record the details of the risk assessment.

  • The database in which to store the details of the risk assessment.

Steps to Configure a Risk Policy
  1. Click the Create a Risk Policy icon.

  2. Specify the following details:

    • Policy Name: Specify a name for the policy.

    • Policy Description: Describe the purpose of this policy.

  3. Assign risk rules.

    You can select a rule from the existing list or create a new rule. You can assign multiple rules to a policy. Rules are executed in sequence from top to bottom. You can drag and drop rules to change their priority and sequence.

    1. Click the Add Rule icon.

    2. Click one of the following options:

      • Click Add New Rule to create a new rule. For details, see Configuring Risk Rules.

      • Click Add Existing Rule to select one or more rules from the Rule Selection window.

    3. (Optional) You can configure a specific rule as a decisive rule and define an action if that rule condition is met.

      Click the Rule Actions icon of the rule and configure the action. You can configure one of the following actions for a rule:

      • Allow Access: If the rule succeeds, the risk level is Low and other rules in the policy are not executed.

      • Deny Access: If the rule fails, the risk level is High and other rules in the policy are not executed. The message "Access has been denied" is displayed and the user is denied access to the resource.

      • Proceed with next rule: The next rule in the policy is executed irrespective of whether this rule succeeds or fails.

      For more information, see Action If Condition Succeeds.

      IMPORTANT: If you have configured Deny Access as Rule Actions for the rule, you must set the score to 0 for this rule in Advanced Mode. This ensures that the risk score is not accumulated for low-risk and medium-risk Interset users.

      For information about configuring risk scores, see Configuring Advanced Settings for a Risk Policy.

  4. Configure the risk levels.

    You can define risk levels according to the number of failed rules in the policy. The numeric values displayed below the slider represent the number of rules that are assigned to the policy.

    1. Move the blue slider and set the preferred number of rules to signify a medium-risk level.

    2. Move the green slider and set the preferred number of rules to signify a low-risk level.

      NOTE: The red segment indicates a high-risk level.

    For example, let us assume the policy contains three rules and you want to accomplish the following configuration:

    Failed Rules    Risk Level
    0               Low
    1               Medium
    2 or 3          High

    Set the blue slider to 1 and the green slider to 0.

  5. Click Save.

  6. (Optional) Set the risk scores for rules. For details, see Configuring Advanced Settings for a Risk Policy.

Configuring Advanced Settings for a Risk Policy

After configuring a risk policy, you can configure a risk score for each rule in that policy. This risk score indicates the priority and criticality of the rule.

For example, you have configured a set of rules in a risk policy. You want one of these rules to be the most important rule. To achieve this, assign that rule a higher risk score compared to other rules. If the rule evaluation is successful, the risk score is set as zero.

If a rule evaluation is not successful, the risk score is set as the value of the rule. If you have configured multiple rules, the total risk score is the sum of risk scores of all the failed rules.

To configure the risk score, perform the following steps:

  1. Open the risk policy for which you want to configure risk scores.

  2. Click the Configuration icon > Advanced Mode.

  3. Change the value in Risk Score for each rule as required.

    By default, the risk score for each rule is set to 100.

    You can define risk levels according to the risk score accumulated due to failed rules. The numeric values displayed below the slider represent the total risk score for all rules.

  4. Click Save.
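
The following Python sketch is an added example, not Risk Service code. It models the evaluation described above: top-to-bottom rule order, the decisive Allow Access and Deny Access actions, levels based on the number of failed rules, and levels based on the summed risk score. The rule names are constructed, and treating the slider values as inclusive upper bounds is an assumption taken from the three-rule example.

```python
# Added illustration: a simplified model of the evaluation this page describes.
# Not Risk Service code; rule names and inclusive thresholds are assumptions.
from dataclasses import dataclass

@dataclass
class Rule:
    name: str              # constructed rule name
    score: int = 100       # page: default risk score per rule is 100
    action: str = "next"   # "allow", "deny" or "next" (Proceed with next rule)

def evaluate(rules, failed, low_max, medium_max, by_score=True):
    """Return (risk_level, total, rules_executed).

    failed: set of rule names whose condition was not met.
    low_max / medium_max: green / blue slider values (assumed inclusive).
    by_score=False counts failed rules instead of summing risk scores.
    """
    total, executed = 0, []
    for rule in rules:                        # rules run top to bottom
        executed.append(rule.name)
        ok = rule.name not in failed
        if ok and rule.action == "allow":     # decisive: Low, stop here
            return "Low", total, executed
        if not ok and rule.action == "deny":  # decisive: High, stop here
            return "High", total, executed
        if not ok:                            # a failed rule adds its weight
            total += rule.score if by_score else 1
    if total <= low_max:
        return "Low", total, executed
    if total <= medium_max:
        return "Medium", total, executed
    return "High", total, executed

# Constructed policy of three rules, matching the three-rule example.
POLICY = [Rule("ip_allowlist"), Rule("known_device"), Rule("office_hours")]

if __name__ == "__main__":
    # Count-based levels: green slider 0, blue slider 1.
    for failed in [set(), {"known_device"}, {"known_device", "office_hours"}]:
        print(sorted(failed), evaluate(POLICY, failed, 0, 1, by_score=False))
    # Advanced Mode: one rule weighted higher, levels set on the summed score.
    weighted = [Rule("ip_allowlist", 300), Rule("known_device"), Rule("office_hours")]
    print(evaluate(weighted, {"ip_allowlist"}, 0, 100))
    # Decisive Deny Access rule with score 0, as the IMPORTANT note requires.
    gated = [Rule("geo_block", 0, "deny"), Rule("known_device")]
    print(evaluate(gated, {"geo_block"}, 0, 100))
```

With the default score of 100 per rule, thresholds of 0 and 100 in score mode give the same levels as slider values 0 and 1 in count mode.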