- DATASHEET -

PingOne Risk

PingOne Risk is a cloud-based service that leverages machine learning and intelligent, configurable policies to secure authentication by evaluating multiple risk signals to verify user identity and detect potential threats.

Combine the PingOne Risk service with a variety of Ping products to continuously analyze contextual user information to understand the risk of granting access to an application, which allows you to make real-time decisions about the level of authentication required. PingOne Risk detects potentially risky behavior through the use of machine-learning models and advanced analytics to evaluate different signals, including user behavior and entity analytics, anonymous network detection, IP reputation and impossible travel.

By understanding the level of risk, organizations can create intelligence-based, configurable policies that apply appropriate strong authentication for resources and provide trusted users with a zero-login experience. Organizations can increase security by accessing PingOne Risk risk dashboards to view reports on high-risk events and get in-depth insights on the authentication behavior of their users.

Features & Benefits

Cloud-based risk management
User behavior insights for smarter authentication decisions
Increased level of assurance in user identity
Machine learning and advanced analytics to learn behaviors
Differentiation of normal and abnormal authentication requests
Aggregated risk policies that incorporate multiple risk signals
Dashboards to provide security insights and reporting on high-risk events
Multiple external data feeds that leverage a variety of threat indicators
Integration with PingID, PingFederate and PingOne SSO along with an API for third-party services

Risk Signals Evaluated

User and Entity Behavior Analytics
Anonymous Networks
IP Reputation
Impossible Travel
IP Velocity
User Velocity

Evaluate Risk Predictors to Detect Malicious Activity

PingOne Risk leverages multiple risk predictors to learn user behavior and detect anomalies, thereby helping organizations make intelligent authentication decisions.

User and Entity Behavior Analytics

Legitimate users access applications and resources in predictable patterns, but bad actors don’t adhere to these patterns when attempting to access enterprise systems. PingOne Risk leverages user and entity behavior analytics (UEBA) and machine learning to understand the behavior patterns of workforce users within an organization. The machine-learning models in PingOne Risk continuously learn the behaviors of users inside an organization by considering a variety of data points, including:

Device type, operating system and version
Browser type and version
Time and day
IP range
User location

Using this behavior data, the machine-learning model will characterize abnormal activity as low, medium or high risk and prompt the user for the appropriate strong authentication. Additionally, administrators can evaluate the UEBA functionality in PingOne Risk before deployment by viewing the output of the machine-learning model without affecting the authentication flow. This allows organizations to adjust rule settings to ensure only the right users gain access to resources.

Anonymous Network Detection

Bad actors will typically use unknown VPNs, Tor and proxies to mask their IP address to sneak access to resources and applications. PingOne Risk analyzes IP address data from a user’s device to determine if the address is originating from any type of anonymous network. If so, the user can then be prompted for step-up authentication or denied access. Additionally, PingOne Risk supports creating a whitelist to include an enterprise’s VPN networks, ensuring that legitimate VPN users can access authorized resources.

IP Reputation

IP addresses are frequently reused in malicious activities such as DDoS attacks or spamming activity. If a user attempts to access an application that is associated with an IP address previously involved with suspicious activity, the probability of potentially risky behavior increases—and stronger authentication is required. PingOne Risk analyzes data from different intelligence sources to determine the probability an IP address is associated with malicious activity and to request stronger authentication to verify the user’s identity.

Impossible Travel

Users frequently log in to the same application from multiple locations throughout the day. However, a time lapse between the current login location and the previous location that is shorter than the time it would take to travel between the two points could indicate potentially suspicious activity. PingOne Risk analyzes location data to calculate if travel time between two login locations is physically possible. If the elapsed time is calculated to be impossible, the user can be prompted with step-up authentication or denied access.

Use Risk Aggregation to Strengthen Policies

PingOne Risk enables administrators to configure intelligence-based policies by combining the results of multiple risk predictors to calculate a single risk score. Each risk predictor is assigned different weights to determine if a user poses low, medium or high risk to the organization and the level of authentication required. The thresholds for each risk level based on the aggregated risk score can be optimized to align with the organization’s needs. Additionally, administrators can create multiple risk policies to apply in different use cases to meet business requirements.

Gain Insights to Increase Security Posture

PingOne Risk provides a risk dashboard to give organizations in-depth insights into authentication behaviors to help make decisions that can strengthen security. Administrators can view reports on detected malicious activity and data on risky activity within an organization: