Configure Device Risk Profiles in Concerto

For supported software information, click here.

Security software vendors, including Versa Networks, provide device risk scores for their products. The device risk score helps determine the likelihood that the activities associated with the product are legitimate.

The device risk profile in Concerto allows you to weigh the importance of different categories of device risk. You do this by assigning a weighting value, given as a percentage, for each category. If you have multiple products in a given category, you can also specify the weight given to each product within the category.

Customers can subscribe to a Versa Networks security software product, such as UEBA, and also to products from other vendors. The device risk categories, and the products supported in each category, are listed below: 

• Endpoint Detection and Response (EDR):
  • CrowdStrike
  • Microsoft Defender
• User and Entity Behavior Analytics (UEBA):
  • Impossible Travel (Versa)
  • Infrequent Destination (Versa)
• User Entity Manager (UEM):
  • MobileIron
  • Microsoft Intune
• Vulnerability Threat Manager (VTM):
  • Qualsys
  • Tenable

Concerto sends the device risk profile configuration to the cloud cluster to compute the device risk score for all of the products to which the customer is subscribed. The calculated score is then pushed down to SSE gateways.

You can create only one profile per tenant. Once you configure profile, you cannot add another profile or clone the existing profile. Once configured, you can use the device risk scores when configuring policies and rules. You can use the View tab to see the result of these calculations.

To configure a device risk profile:

1. Go to Configure > Profiles and Connectors > Device Risk Profile.
   
   
   
   The following screen displays: 
   
   
    
2. To customize which columns display, click Select Columns, and then click the columns to select or deselect the ones you want to display. Click Reset to return to the default columns settings. The available columns are:
   • EDR Category Weight
   • EDR CrowdStrike Property Weight
   • EDR Microsoft Property Weight
   • UEBA Category Weight
   • UEBA Impossible Travel Property Weight
   • UEBA Infrequent Destination Property Weight
   • UEM Category Weight
   • UEM MobileIron Property Weight
   • UEM Microsoft Intune Property Weight
   • VTM Category Weight
   • VTM Qualsys Property Weight
   • VTM Tenable Intune Property Weight
      
3.  Click  the Add icon. The Add Device Risk Profile screen displays. 
   
   Note that you can only configure one device risk profile. If you have already configured a device risk profile, the  Add icon is grayed out.
   
   
4. Enter a name for the profile in the Name field.
5. For each of the four categories, enter a weight percentage for that category, between 0 and 100. The sum of the four categories must equal 100 percent. Within each category, specify the weight for the individual applications in the category, between 0 and 100. The sum of the individual application weights must equal 100 percent. 
   
   In the following example, the device risk percentage weighting is as follows:
   
   EDR—50%
   • CrowdStrike: 25%
   • Microsoft Defender: 75%
   
   UEBA—15%
   • Impossible Travel: 50%
   • Infrequent Destination: 50%
   
   UEM—20%
   • Impossible Travel: 40%
   • Impossible Travel: 60%
   
   VTM—15%
   • Qualsys: 100%
   •Tenable: 0%
   
   
    
6. Click Save to create the new device risk profile.