Introducing User Risk Based Detection
Use User Risk-based Detection to trigger policies based on the risk score for a particular user.
You can use Symantec Information Centric Analytics (ICA) with Symantec Data Loss Prevention to protect sensitive data in your organization. ICA allows you to configure user risk scoring settings to display risk vectors and indicate risk ratings. For more information about configuring ICA, see the Symantec Information Centric Analytics documentation available at the Information Security help center.

The following user risk based detection options are available:
- Create policy rules that protect sensitive data based on the user risk score.
- Apply user risk scores to the following supported detection channels:
  - Network Monitor
  - Network Prevent for Web
  - Network Prevent for Email
  - Endpoint Prevent

  This solution works with your existing Symantec Data Loss Prevention policies on DLP cloud detectors, including DLP Cloud Service for Email, Symantec Web Security Service (WSS), and DLP Cloud Detection Service with CASB.
- View the user risk score in incidents triggered by policies where no user risk condition is specified. DLP incident moderators can use the risk score information to determine user risk.
- Respond to incidents based on the user risk score.
On endpoints, user risk-based detection applies to any user logged on to the endpoint. The user risk information is saved in the agent store on the endpoint. The Endpoint Server sends user risk data to the endpoint. User risk detection on the endpoint supports the domain/user and hostname/user user formats.
User risk-based detection supports the following sender formats:
| Format | Example |
|---|---|
| SMTP | |
| NTLM | WinNT://abc/jane.doe, Local://abc/jane.doe, or abc/jane.doe |
| LDAP | LDAP://host.abc.com/CN=Jane Doe,CN=Users,DC=abc,DC=com |