The SaiX Identity and Access Cyber Risk engine is an engine designed to help an organization or enterprise adapt to Identity and Access related threats.
All organizations are vulnerable to unpredictable cyber risks ranging from hacking to malware and ultimately leading to data breaches. The SaiX engine can help mitigate these perils before they even occur.
Perimeter based risks that used to be rampant are on the wane. Enterprises must now focus their efforts on Identity. Identity is the newest and most prevalent perimeter for cyber-attacks. Point solutions cannot address this problem. In fact, research shows that they exacerbate the problem by trying to grab pieces of the cyber risk real-estate. Each product on the market is attempting to prove that stylish dashboards and drag drop widgets are the real solution and silo’ing the threat landscape hence increasing the risk of cyber threats. If these solutions were viable 47% of breaches would not be caused by malicious or criminal attack. Nor would it take 214 days to identify a malicious attack. Quite simply, the longer the bad guy stays in your environment, the more havoc they wreak within your organization. So, how can we protect ourselves?
To combat current threats, what is needed is an engine that increases resilience and robustness against stressors, shocks, volatility, noise, mistakes, faults, attacks, or failures. The application of such concepts is what distinguishes SaiX from the competition.
What is required is a risk engine that can adapt to unknown and known risks. SaiX Risk Engine does this with deep insight into Authentication and Authorization related events. These events center around entities such as Identity, Account, Application/System/Target systems, Entitlements etc. The purpose of the risk engine is to assign easy to understand “risk scores” to these entities. The risk scores are targeted for remediation of these entities. It’s just not enough to point out problems we need solutions.
In an organization, entities constitute assets that can be represented by attributes. An ‘Identity’ can be represented by a person’s name, department, job code, start date, etc. Similarly, an account qualifies as an entity. It is an identity manifesting in an application or system. An account allows someone to interact with the system as it has assigned permissions. So, John Doe can have an account jdoe. An application/system/Target is an entity that is an IT asset with attributes including- administrative ownership, and system timestamps.
Authentication is when an Identity logs into a system using their credentials such as username and password. So, what is the risk? Is the user who they say they are? Is the user trying to log into a system without permission?
Authorization occurs when a permitted user accesses and interacts with the system. So, what is the risk? Does this person, for example, have the authority to transfer a large sum of money? If yes, is this transaction monitored? Who is the payment being made to?
Eliciting meaningful cyber risk within an enterprise is difficult, but even more difficult is using those risks effectively to remediate the identified issue. The challenges exist in multiple components and countless sources of truth. In other words, a complex labyrinth of systems, an exploding number of identities and their permissions.
To make sense of the authentication and authorization data, the SaiX Risk Engine calculates risk in two ways – Static Risk and Transactional Risk. The Static Risk can be thought of as an inherent or innate risk within the entity. It is calculated using the KnowledgeIQ module of the SaiX Risk Engine, which is based on over 300 out of the box controls. It is a survey technique to ascertain the ground truth. The client provides answers to questions that gives the engine its initial risk score. From there, the ‘governance rules’, using the Rule Engine module, completes the static rule calculation. Once completed, the Rule Engine turns its attention incoming transactions. The powerful AI engine within the static rule calculation uses inferencing capabilities, and in transactional mode uses machine meaning and heuristics.
This produces a RAG (Red, Amber, and Green) risk score with confidence levels.
SaiX engine works based on a ‘recommendation’ model. The engine makes recommendations to SaiX administrators, members of the organization who are helping the engine learn. This bootstrap model prevents the engine from producing false positives. The engine also uses a sophisticated triangulation method to validate the scores it is producing.
These patent-pending methods allow an organization to benefit from the engine producing entity-based risk. The AI system publishes risk scores that can be used by other systems or subscribers. The subscribers can then take preventive actions. As an example, a user’s and application risk increases if he is trying to brute force into an application. Since the user’s risk has increased subscribing system, such as authentication system, can block the user OR challenge them to produce additional validation prior to login as the application risk has increased.
The SaiX engine is flexible and can be deployed within your personalized virtual environment. It is available as either a SaaS system or a hybrid model. Since it is built using micro-services architecture, the extensibility and integrability using APIs is easy.
It also democratizes rule building by offering an easy to use interface where users can enter rules using more than one method.
The SaiX engine is supported by an efficient managed service regardless of the deployment model. This helps all modules and takes the sting off the administrators, helping them learn the engine’s nuances at their own pace.
The SaiX engine offers RestAPIs. You can hook them up to your choice of Dashboards or UIs. SaiX is a user-friendly product that adapts to your own enterprise needs.