Threat and Risk Level Calculation
What is the difference between Risk and Threat?
The ‘Risk’ level is a holistic metric determined by carefully assessing a set of essential parameters like security events, scopes shared, compliance information, security probes, etc. The Risk level can also be overridden manually.
‘Threat’ level is determined based on the app's scopes and permissions to read and edit your data.
Risk level
Zluri provides you with a 360-degree view of security & compliance for each SaaS application you use in your organization. It considers the following factors while calculating the risk score:
- Scope risk levels: Scope risk levels are decided by the sensitivity of the scopes an application has access to. For example, if an application has access to a scope that allows it to access & delete all your Google Drive files, that is considered a high-risk scope. In comparison, if an application has access to a scope that allows it to access only a user's email ID, that is considered a low-risk scope.
- Compliances: The more compliance standards an application complies with, the more secure the application is. An application such as Slack is compliant with all significant compliance standards globally. Hence we consider it more secure than an application that meets fewer of them.
- Security Probes: Zluri collects security-related information from third-party websites like syllabus, Immuniweb, imirhil, etc. Zluri then takes the weighted average of these security grades & presents it on the dashboard on a scale from A to F, with A representing a highly secure application & F a poorly secured application.
- Recent security breaches: Zluri also constantly monitors security breaches related to SaaS applications and increases the risk score if a recent security breach related to an application is reported in the news.
Based on the above-mentioned factors, Zluri assigns a security score rating from 1 to 5, where 1 & 2 mean low risk, 3 is medium risk & 4 & 5 mean high risk.
What actions can be taken based on the security scores?
Actions can be taken based on the authorization status of the applications. A few scenarios are explained below.
- Suppose a 'restricted' application is identified as a high-risk application. In this case, as an IT admin, you can notify all users of the application to stop using it & remove the authentications of the application from the SSO.
- Suppose an application that comes under 'managed IT' is identified as a high-risk application. In this case, you may notify the users to securely access the application using SSO by enabling 2FA, or look for more secure alternatives to the application.
- Suppose an application that 'needs review' is identified as high-risk. In this case, you may review the application & mark it as either 'managed IT'/'Unmanaged IT'/'Restricted'. Based on the authentication level, you can take appropriate action.
Threat level
Zluri calculates the threat level based on the scopes the application has access to, that is, on the sensitivity of the data it can reach and the criticality of the actions it can perform on that data.
For example: A scope that allows an application to access & delete your Google Drive data is considered to be at a higher threat level than a scope that only allows an application to read Google mail data.
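The idea of rating a scope by data sensitivity and action criticality can be sketched for Google OAuth scopes as follows. This is an added example, not Zluri's code or scoring model: the sensitivity table, the action rules, the thresholds, the low/medium/high labels and the sample app names are all assumptions made for illustration.

```python
# Added illustration: the sensitivity table, action rules and thresholds below
# are assumptions for this example, not Zluri's scoring model.
GOOGLE_PREFIX = "https://www.googleapis.com/auth/"

# Assumed sensitivity of the data behind each API (1 = low, 3 = high).
DATA_SENSITIVITY = {"drive": 3, "gmail": 3, "calendar": 2, "userinfo": 1}
LEVELS = ["low", "medium", "high"]


def parse_scope(scope):
    """Split a Google OAuth scope URL into (api, qualifier)."""
    if scope == "https://mail.google.com/":   # full-mailbox Gmail scope
        return "gmail", ""
    if not scope.startswith(GOOGLE_PREFIX):
        return None, ""                       # unrecognised scope format
    api, _, qualifier = scope[len(GOOGLE_PREFIX):].partition(".")
    return api, qualifier


def action_criticality(api, qualifier):
    """1 = read only, 2 = limited write, 3 = full access including delete."""
    if qualifier.endswith("readonly") or api == "userinfo":
        return 1
    return 3 if qualifier == "" else 2


def scope_threat(scope):
    """Rate one scope as data sensitivity multiplied by action criticality."""
    api, qualifier = parse_scope(scope)
    sensitivity = DATA_SENSITIVITY.get(api, 3)  # unknown API: assume the worst
    score = sensitivity * action_criticality(api, qualifier)
    return "high" if score >= 6 else "medium" if score >= 3 else "low"


def app_threat(scopes):
    """An app is rated by its most powerful granted scope."""
    return max((scope_threat(s) for s in scopes), key=LEVELS.index, default="low")


if __name__ == "__main__":
    # Constructed sample grants, not real inventory data.
    grants = {
        "backup-tool": [GOOGLE_PREFIX + "drive", GOOGLE_PREFIX + "userinfo.email"],
        "mail-digest": [GOOGLE_PREFIX + "gmail.readonly"],
        "sign-in-only": [GOOGLE_PREFIX + "userinfo.email"],
    }
    for app, scopes in grants.items():
        print(f"{app}: {app_threat(scopes)}")
```

Scopes the table does not recognise are rated high on purpose, so that a new or unusual grant surfaces for review instead of passing as low.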