4.1. Common use cases for risk scoring
PxM reports on a wide range of valuable information to assist in evaluating sources of risk.
The following are examples from the large selection of tools that PxM provides to help administrators gauge the security of their provisioned devices:
- The Summary tab on the User rights audit provides an overview of how PxM minimises the need for privileged access to your devices. This tab provides you with a breakdown of user engagement, including a chart indicating the proportion of users who have engaged in full usage of devices (run tasks and made device connections), device connections only, tasks only and PxM Client only. If you find the proportion of users engaged in full usage unusually high, consider developing or enabling more tasks to run on devices to reduce your risk profile.
- The Management report also helps administrators evaluate the security of their devices. This report includes a breakdown of PxM password management coverage. High proportions of Managed and Fully managed passwords indicate strong PxM device protection.
If you are concerned that a specific device may be compromised or was subject to suspicious access, you can use the following PxM tools to help determine what steps to take next:
- The Device access report provides a list of device connections made through PxM, detailing information on the user IP address and access level, as well as the time and duration of the session. Filtering the list for the device of interest may reveal a suspicious session. After identifying the user responsible, you may want to investigate that user’s activity across all devices. If session recording is enabled on the device, you can view a recording to see exactly what happened on the device during the session. However, it may not be practical to enable session recording for every device.
- The Behaviour analytics report generates graphs on posture, latent threat and suspicion by time. Generating a user posture chart is useful when investigating a user. Suspicion is based on individual user logins, particularly when made from multiple IP addresses.
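The triage steps described for the Device access report (filter by device, then follow the identified user across all devices) and the multiple-IP-address signal mentioned for suspicion can be reproduced offline, as in the added example below, which is not PxM code. It assumes the report rows have been copied into CSV. The column names and sample rows are constructed for illustration, and the multiple-IP check is a simplified stand-in, not PxM's suspicion scoring.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows; the column names are assumptions, not a PxM export format.
SAMPLE_CSV = """user,ip_address,device,access_level,start_time,duration_min
alice,10.0.0.5,db01,admin,2024-03-01T09:00:00,30
bob,10.0.0.9,db01,admin,2024-03-01T23:40:00,95
bob,192.0.2.44,web02,admin,2024-03-02T00:10:00,20
bob,10.0.0.9,web03,user,2024-03-02T10:00:00,15
alice,10.0.0.5,web02,user,2024-03-02T11:00:00,10
"""

def load_sessions(text):
    """Parse report rows into a list of dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))

def sessions_for_device(sessions, device):
    """Step 1: filter the list for the device of interest, oldest first."""
    rows = [s for s in sessions if s["device"] == device]
    return sorted(rows, key=lambda s: s["start_time"])

def user_activity(sessions, user):
    """Step 2: everything the identified user connected to, on all devices."""
    rows = [s for s in sessions if s["user"] == user]
    return sorted(rows, key=lambda s: s["start_time"])

def users_with_multiple_ips(sessions):
    """Users seen from more than one source address, mapped to those addresses."""
    ips = defaultdict(set)
    for s in sessions:
        ips[s["user"]].add(s["ip_address"])
    return {u: sorted(a) for u, a in ips.items() if len(a) > 1}

def triage(sessions, device):
    """Per-user summary for everyone who connected to the device of interest."""
    multi = users_with_multiple_ips(sessions)
    summary = {}
    for user in sorted({s["user"] for s in sessions_for_device(sessions, device)}):
        activity = user_activity(sessions, user)
        summary[user] = {
            "devices": sorted({s["device"] for s in activity}),
            "source_ips": sorted({s["ip_address"] for s in activity}),
            "multiple_ips": user in multi,
        }
    return summary

if __name__ == "__main__":
    for user, info in triage(load_sessions(SAMPLE_CSV), "db01").items():
        print(user, info)
```

A user flagged here is a candidate for closer review, for example by viewing a session recording where one is enabled on the device.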