Overview

Netskope One DSPM's User Risk Rating answers the question, “Who are the riskiest users?” The score is assigned to users for the overall risk they pose based on access to sensitive data, stale privileges and policy violations. This score will help you prioritize actions related to user data access management. 

User Risk Rating and related risk scores are displayed on Dashboard widgets and User Assessment pages. To learn more, please visit our Dashboard article.

User Risk Components

Each user's risk rating is based on: 

• Over Privileged User Risk (Stale)
• User Behavior Risk
• User Sensitive Data Access Risk

Each user risk score is on the scale of 0 to 100, with the score 100 assigned to the user with maximum risk when compared to other users with access to data stores. 

Over Privileged User Risk (Stale)

Maximum risk score assigned to a user with stale privileges across multiple data stores. Netskope One DSPM computes staleness based on when the data store was last accessed by user. This score will help you monitor and assess users with privileges that they are no longer using and take access management actions. 

User Behavior Risk

Maximum risk score assigned to a user based on the alerts generated across multiple data stores for Data Exfiltration, Privacy Violation and Data Modification policy types. This score will help you monitor and assess users continually violating data policies set within your organisation and take access management actions. 

User Sensitive Data Access Risk

Maximum risk score assigned to a user having access to sensitive data across multiple data stores. Score is higher for access to data type with higher sensitivity level. This score will help you monitor users with highly sensitive data and take actions if required. 

Required Data Stores Capabilities

Data-in-use Monitoring and Deep Privilege Analysis capabilities are required for Netskope One DSPM to be able to calculate complete User Risk Rating for all users of a data store. 

• Data In Use Monitoring, for Over Privileged User Risk (Stale) and User Behavior Risk
• Privilege Analysis with Deep Privilege Analysis, for Sensitive Data Access Risk

If Data-in-use Monitoring and Privilege Analysis are disabled, then User Risk Rating will not be calculated for any user of that data store. 

User Assessment

The User Assessment screen is used to view the complete list of users with access to data stores and analyze user related risks. To access this screen, navigate to User Assessment in the left-hand menu.

User Risk Rating is visible on Top Risky Users widget and as a column on the Employee list. The other risk scores are displayed on expanding the individual Employee record in the list. 

You can filter this Employee list based on User Risk Rating. 

Employee Details 

Clicking on Username or Employee Name anywhere in Netskope One DSPM will take you to the Employee Details page. Here you can analyze the Individual Employee or Service Account at depth. (eg. each risk score, which sensitive data do they have access to, when was the last time they accessed a particular data store, etc.)

On the Overview tab, you can view the overall User Risk Rating information visually as widgets.

On the Data Store tab, you can view the total user risk components along with the risks per data store that the Employee or Service Account can access.

Dashboard

The User Risk Rating and its components are also displayed on the dashboard in the Risks and Users tabs. 

On the Risks tab:

• Risky Users bar-graph widget is based on User Risk Rating
• Over Privileged Users (Stale) pie-chart widget is based on Over Privileged User Risk (Stale)

On the Users tab:

• High Risk Users count, Top Risky Users, Top Risky Departments bar-chart and Risky Users Over Time line-chart widgets are based on User Risk Rating 
• Privileged Users count, Top Over Privileged Users (Stale) and Top Over Privileged Departments bar-chart widgets are based on Over Privileged User Risk (Stale)