1. Applying the basics of behavioral analytics
2. Mitigating risk
3. Managing identities
4. Pinpointing behavior
* The identity is using an unknown mobile device.
* The identity is operating in a remote location.
* The identity is coming from a suspicious IP address.
* The identity is a member of a privileged group.
* The identity used a specific service outside of their normal operating time.
5. Understanding complications
6. Assessing enterprisewide risk
7. Crunching data
8. Classifying risk
Good: The identity poses minimal risk.
Suspect: The identity has been associated with events or activities that pose risk, but the risk does not demand immediate action.
Bad: The identity is considered a high risk and merits immediate attention, and the classification system will initiate automated mitigation and alerts according to the enterprise’s policy.