Risk weight profiles
Preconfigured weight profiles
The profiles "strict", "balanced", and "custom" enable authentication flows based on risk weights. The next sections shortly describe each profile. Subsequently, there are some examples to illustrate the expected behavior of the profiles "strict" and "balanced".
Strict profile
In general, the strict profile applies higher weights to risk scores than the balanced profile would do. Thus, the sum of the risk score weights in case of a strict profile will more likely exceed the various decision thresholds. As a consequence, the result values are less varied: Either the overall risk score is too low to send a notification, or so high that it is necessary to ask for an authentication step-up (to be introduced in a future release). A medium risk is less common.
Balanced profile
Balanced profiles are less likely to return a high security risk, due to the lower weight values. On the other hand, the results can cover a wider range of values, which enables the authentication flow to be more fine-tuned (pass, notification, step-up, fail).
Custom profile
If neither of the above two profiles matches your requirements, you can configure a custom profile, by manually setting the risk score weights as described in chapter NevisAdaptAuthState. Get in touch with your Nevis contact if you need to configure a custom profile.
Behavior examples
The nevisAdapt service uses various inputs and threat indicators to reach a final threat score. This means that the calculations of the final scores depend on multiple events. It would go too far to describe all possible combinations. But to get an idea of how different the profiles behave, have a look at the following lists. They show the impact of single incoming events on each profile.
Risk level | Description |
---|---|
Assurance | Assurance events are able to decrease the overall risk score as their imitation is not feasible. |
No risk | "No risk" events do not affect the final score significantly. However, in some cases they can be the deciding factor to transform a final risk score from "Medium" to "High". |
Low risk | "Low risk" events do not affect the final score significantly on their own. However, the combination of various low risk events can lead to an overall higher risk score. |
Medium risk | "Medium risk" events trigger a notification. A combination of a "Medium" and "Low" or "Medium" risk can lead to high risk score. |
High risk | "High risk" events trigger a notification. Note that in future releases, a "high risk" event will trigger a step-up. |
Risk level
Incoming event | Strict behavior | Balanced behavior |
---|---|---|
New device | High | Medium |
Known device | No risk | No risk |
Established device | Assurance | Assurance |
Shared device | Low | Low |
Incoming event | Strict behavior | Balanced behavior |
---|---|---|
New IP | Low | Low |
Established IP | Assurance | Assurance |
Incoming event | Strict behavior | Balanced behavior |
---|---|---|
Signing in from a different country | Low | No risk |
Signing in from a blacklisted country | High | Medium |
IP velocity triggered | Medium-High | Low-Medium |
IP reputation triggered | Medium-High | Low-Medium |
Shared device | No risk | No risk |
New browser | High | Medium |
New browser + new country/IP | High | High |
Home/mobile phone IP changes | Low | Low |
Notable protection: Evilginx | High | High |