Data protection
The Risk Monitor use cases in this section focus on managing PII risk applications, that is, applications that may contain personally identifiable information.
The list can be compared with your own register of your organization's PII applications to see if there are any discrepancies that should be looked into to make sure that the register is accurate and up to date.
On the Applications dashboard, set the PII risk filter to True.
The dashboard is filtered to show data on all PII risk applications.
The Application details table lists all applications that may contain personally identifiable information, grouped by manufacturer.
You can export the data to a .csv or .xlsx file by selecting the More options menu in the upper-right corner of the table and then select Export data.
To find out if any of the PII applications in your organization contain vulnerabilities, see See all vulnerable PII risk applications in the organization.
On the Applications dashboard, set the following filters:
Vulnerable application=True
PII Risk=True
The dashboard is filtered to show data on applications that are vulnerable and may contain personally identifiable information.
The Application details table lists all vulnerable applications that may contain personally identifiable information, grouped by manufacturer.
In addition, you can study the charts and tables to gain more knowledge about the vulnerable PII risk applications. You can, for example, look at:
The Application installations risk cross-over chart to see:
The number of vulnerable PII risk applications that are out of support, but for which upgrades are available (intersection PII & Vulnerable & Upgradeable & Support ended).
The number of vulnerable PII risk applications that are out of support and not upgradeable (intersection PII & Vulnerable & Support ended).
The Application manufacturers chart to see the distribution of vulnerable PII risk applications between manufacturers, with the manufacturer with the largest amount of vulnerable PII risk applications at the top of the chart.
Go to the Applications dashboard and locate the application in the Application details table.
Tip
To quickly find the application, expand the Filters pane on the right side of the page and enter the name of the application in the Application name filter. The Application details table will filter to only show data for the application.
Right-click the application name in the table and select Drill through > Users.
You are directed to the Users dashboard filtered to show data on users with access to the application.
Look at the User details table to see a list of all users having accessed the application.
You can export the data to a .csv or .xlsx file by selecting the More options menu in the upper-right corner of the table and then select Export data.
For example, a specific finance application containing sensitive data that should not be used by anybody outside of the Finance department.
Follow the instructions for how to create rules for intended access.
Anybody outside of the department accessing the application will be flagged as an unauthorized user and displayed on the Unauthorised application usage dashboard.
To see unauthorized usage of a PII risk application, rules for Intended Access for that application must first have been set.
On the Unauthorised application usage dashboard, set the Application filter to the name of the application.
The dashboard is filtered to show data for the application only. If no unauthorized user has accessed the application, the dashboard will show blank results.
To see unauthorized usage of PII risk applications, rules for Intended Access must first have been set.
On the Unauthorised application usage dashboard, set the PII risk filter to True.
The dashboard is filtered to show only applications that have been accessed by unauthorized users and that may contain personally identifiable information. If no PII risk applications have been accessed by unauthorized users, the dashboard will show blank results.
Study the key figures, charts and tables to gain knowledge about the unauthorized usage of PII risk applications. You can, for example, look at:
The key figures to see how many PII risk applications have been accessed by unauthorized users, and the number of users that have accessed the applications without approval.
The Unauthorised application usage chart to see the names of the applications.
The Unauthorised usage (minutes per run) - by user chart to see the extent of the unauthorized usage in minutes per user.
Looking at, for example, the amount of time that the user has accessed the application, and the time of day of this access, can be useful to separate deliberate malicious use from accidental access.
To see unauthorized usage by a user, rules for Intended Access for that user or the user's department must first have been set.
On the Unauthorised application usage dashboard, set the User filter to the user name of the user.
The dashboard is filtered to show data on unauthorized usage by that user only.
For each application in the Application user access details table, look at the data in the following columns:
Last used: The date on which the user last used the application.
Run (count): The total number of minutes that the user has used the application.
Per run (min): The average number of minutes that the user has used the application per run.
You will be notified whenever a user that is unauthorized, according to the rules for intended access, accesses an application. See Alerting & API for more information on how to use alerts.
Follow the instructions for creating an alert and set the following parameters for the criterion in the Condition section:
Filter: User Authorised
Condition: Equals
Value: False
The devices may, for example, lack antivirus protection, or have file sharing and VPN software installed and contain other vulnerable applications.
On the Devices dashboard, set the following filters:
PII risk=True
Vulnerable application=True
The dashboard is filtered to show data on all vulnerable PII risk applications.
In the Device details table, find devices with the following values for one or more of the following columns (select a column header to sort the table by that column).
Has Antivirus=False
Has VPN=True
Has Filesharing=True
Vulnerable applications>1
Go to the PII vulnerability exposure dashboard.
In the Vulnerable devices – by device type chart, select the Financial information bar.
The PII application details table is filtered to show a list of all vulnerable applications in the organization that might hold financial information.
To further explore the applications in the list, sort the table by, for example, the Application vulnerabilities column to see the applications with the most vulnerabilities, and/or the Has Antivirus column to see devices with the application installed which lack antivirus protection.
You can export the data in the table to a .csv or .xlsx file by selecting the More options menu in the upper-right corner of the list and then select Export data.
Go to the PII vulnerability exposure dashboard.
Set the Application name filter to the name of the application.
All of the charts are filtered to show the PII types for the application.
Note
If the application is not a vulnerable PII risk application, the page will show blank results.