Citrix user risk indicators

User risk indicators are user activities that look suspicious or can pose a security threat to your organization. These risk indicators span all Citrix products used in your deployment. A risk indicator is triggered when the user's behavior deviates from normal. Each risk indicator can have one or more risk factors associated with it. These risk factors help you determine the type of anomalies in the user events. The risk indicators and their associated risk factors determine the risk score of a user.

The following are the risk factors associated with the risk indicators:

  • Device-based risk indicators: Triggers when a user signs in from a device that is considered unusual based on the user’s device history.

  • Location-based risk indicators: Triggers when a user signs in from an IP address associated with a location that is considered unusual based on the user’s location history.

  • IP-based risk indicators: Triggers when a user attempts to access resources from an IP address that has been identified as suspicious, regardless of whether the IP address is unusual for the user.

  • Logon-failure-based risk indicators: Triggers when a user has a pattern of excessive or unusual logon failures.

  • Data-based risk indicators: Triggers when a user tries to exfiltrate data out of a Workspace session. The user behaviors under observation include copy or paste events, download patterns, and so on.

  • File-based risk indicators: Triggers when a user’s behavior regarding file access on Content Collaboration is considered unusual based on their historical access pattern. The user behaviors under observation include download patterns, access to sensitive content, activities indicative of ransomware, and so on.

  • Custom risk indicators: Triggers when a pre-configured condition or a user-defined condition is met. For more information, see the following articles:

  • Other risk indicators: The risk indicators that do not belong to any one of the predefined risk factors such as Device-based, Location-based, and Logon-failure-based.

The risk indicators are also grouped into risk categories based on risks that are of a similar nature. For more information, see Risk Categories.

The following table shows the correlation between the risk indicators, risk factors, and the risk categories.

| Products | User Risk Indicator | Risk Factor | Risk Category |
| --- | --- | --- | --- |
| Citrix Content Collaboration | Excessive access to sensitive files | File-based risk indicators | Data exfiltration |
| | Excessive file sharing | Other risk indicators | Data exfiltration |
| | Excessive file or folder deletion | File-based risk indicators | Insider threats |
| | Excessive file uploads | Other risk indicators | Insider threats |
| | Excessive file downloads | File-based risk indicators | Data exfiltration |
| | Impossible travel | Location-based risk indicators | Compromised users |
| | Malware files detected | File-based risk indicators | Insider threats |
| | Ransomware activity suspected | File-based risk indicators | Compromised users |
| | Suspicious logon | Device-based risk indicators, IP-based risk indicators, Location-based risk indicators, and Other risk indicators | Compromised users |
| | Unusual authentication failures | Logon-failure-based risk indicators | Compromised users |
| Citrix Endpoint Management | Device with blacklisted apps detected | Other risk indicators | Compromised endpoints |
| | Jailbroken or rooted device detected | Other risk indicators | Compromised endpoints |
| | Unmanaged device detected | Other risk indicators | Compromised endpoints |
| Citrix Gateway | End point analysis (EPA) scan failure | Other risk indicators | Compromised users |
| | Excessive authentication failures | Logon-failure-based risk indicators | Compromised users |
| | Impossible travel | Location-based risk indicators | Compromised users |
| | Logon from suspicious IP | IP-based risk indicators | Compromised users |
| | Suspicious logon | Device-based risk indicators, IP-based risk indicators, Location-based risk indicators, and Other risk indicators | Compromised users |
| | Unusual authentication failure | Logon-failure-based risk indicators | Compromised users |
| Citrix Secure Private Access | Attempt to access blacklisted URL | Other risk indicators | Insider threats |
| | Excessive data download | Other risk indicators | Insider threats |
| | Risky website access | Other risk indicators | Insider threats |
| | Unusual upload volume | Other risk indicators | Insider threats |
| Citrix DaaS (formerly Citrix Virtual Apps and Desktops service) and on-premises Citrix Virtual Apps and Desktops | Impossible travel | Location-based risk indicators | Compromised users |
| | Potential data exfiltration | Data-based risk indicators | Data exfiltration |
| | Suspicious Logon | Device-based risk indicators, IP-based risk indicators, Location-based risk indicators, and Other risk indicators | Compromised users |

You can manually mark risk indicators as helpful or not helpful. For more information, see Provide feedback for User Risk indicators.
