Chris Gabel - User Risk Application - September 2016
List your name and title:
Chris Gabel
Consulting GRC Application Engineer
List the use case name:
User Risk Application
Add a description of the use case:
The User Risk App is an ODA that collects data from AD, our PAM solution, phishing testing results, system vulnerabilities, DLP and splunk. The solution is used to determine which users are considered the highest risk to our organization based on a variety of situational risk scenarios. We can also determine which users based on those scenarios could be violating certain company policies. By targeting those users we can automatically kick off a series of remediation options from targeted user training to removing of permissions or manual patching of systems.
Mention any innovative capabilities that were configured:
Prior to the implementation of the User Risk App we had a series of systems that collected information about our users but did not have a way to correlate that disparate data and relate the information to a risk register or generate findings for remediation. The project initially began as a way to tie system vulnerabilities to users but quickly expanded to include advanced analytics for our phishing testing program and a way to automate information sharing between the access control group and the asset management team. The system integrates with a variety of disparate systems. And uses an integration with AD to automate the removal of certain permissions based on data access and system vulnerabilities. It has also started a discussion of trending users that continue to be the victims of certain phishing or malware attacks.
Talk about the return on investment (ROI) in terms of real dollars, efficiency savings or other gains from using the functionality in Archer. Describe how the savings were attained and over what time period:
The solution has just been released so the exact ROI is still being calculated. At the very least we will save 120 hrs of manual work just from the integration with the phishing reports. We will also be monitoring the time savings related to user provisioning and the impact related to tracking risky employees.
Mention how this use case integrates with other use cases inside or outside Archer:
The application ties into Metrics for phishing reporting, vulnerabilities and incidents. The situational risk scenarios can generate findings that are tied to the risk register. The solution also integrates with our DLP solution, Vulnerability scanning solution, PhishMe and AD.
Please sign in to leave a comment.
Comments
0 comments