Risk Intelligence Quick Start Guide

The following section provides information on the steps required to get up and running with Risk Intelligence.

Create a Risk Intelligence policy

Policies control every aspect of Risk Intelligence, from the scans it runs down to their schedule.

To get you up and running we have included default policies for Servers, Desktops and Laptops, with the option to manage your own custom policies (as well as edit the defaults).

  1. On the All Devices view, go to Settings > Risk Intelligence > Policy.
  2. Select New.
  3. Enter the Policy Name for identification.
  4. Select an existing policy from the Base Policy On drop-down menu to act as a template or leave it blank for a completely new policy, with all scans set to Do not Run (disabled).
  5. Select the device for the Policy Type.
  6. Select Add.

    The Policy dialog displays containing the configuration sections.

  7. Configure the Policy sections.
    SectionDescription
    General Contains the Policy type and editable Policy name

    Set the account wide Currency Symbol and Security Liability Amount as well as any Global Policy File Exclusions

    Policies Security Scan Retrieves vulnerability information from the computer that may expose the Operating System and installed application to security risks
    PCI Scan Search for risks with internal Payment Credit Industry compliance violations
    Data Breach Risk Scan (Country) A security scan that searches for Credit Card Numbers, dates of birth, government-issued identification, and financial account numbers.

    There is not a global standard for Personally Identifiable Information (including government issues identification) so we include country-specific versions of this scan to search for and retrieve details in that country’s format. AUS, BEL, BRA, CAN, DEU, ESP, FRA, GBR, IRL, ITA, NLD, NOR, NZL, SWE, USA, ZAF, NZL

    Expanded Data Breach Risk Scan This extension of the Data Breach Risk Scan also performs a Technical Safeguards Check. This check queries the device and highlights settings that do not meet common baseline configurations
    Custom Scans Custom scans based on the following scan types: Data Risk Breach, Expanded Data Risk Breach, File Finder, Security and PCI and PAN Scan.

    To access the Scan Configuration section of the Risk Intelligence dashboard, click the Custom Scans button.

    To manually synchronize N-sight RMM's custom policy list with Risk Intelligence, click the Reload Customized Scans button.

  8. Select Save to create the policy.

Scans are enabled by changing the Select Frequency Method setting from Do not Run (disabled) to the required schedule option: Once per Day (select one day for weekly scans), Once per Month or Manual. To disable a scan, change its setting to Do Not Run.

As these intensive scans may take some time to complete, we have included a mechanism which prevents the scheduling of a scan within two hours of another scan. If two scans are scheduled to take place within this two-hour period, a notification is displayed when attempting to save the policy and the save option disabled until the schedules changed. In those circumstances where a scan is still running when a new scan is scheduled to start, the currently running scan is stopped.

Enable Risk Intelligence and select Policy

Risk Intelligence can be enabled for all Servers and Workstations or servers and workstations at the specified Clients and Sites. Risk Intelligence is policy driven.

By default, policies are inherited from the parent. Devices inherit policies from the site, sites inherit policies from the Client, Clients, in turn, inherit the policy setting for all servers and workstations.

To enable Risk Intelligence and set the policy for multiple devices:

  1. On the All Devices view, go to Settings > Risk Intelligence > Settings.
  2. Select the Entity type to enable Risk Intelligence on. You can select all servers and workstations, or servers and workstations at specific clients and sites. For information on each potential entity state, please refer to Feature and Functionality Settings Icons.
  3. Change Setting to On, Off or Use Parent (only for Client or Site).
  4. If you turned Setting to On, select the policy to apply to the selected entity from the Policies drop-down menu. This includes the default Server, Desktop and Laptop policies (depending on selection), but also any custom policies that are available for the selected device type.
  5. Click OK to save and apply.

For full granularity Risk Intelligence can be enabled (or disabled) for specific Servers or Workstations via the Risk Intelligence tab of a Device's Edit dialog. The Edit dialog is available from the All Devices view North-pane when you right-click a device in the North-pane.

From here you can alter the Risk Intelligence Setting to On, Off or Use Parent and choose the Device's policy. Changing this setting from Use Parent to On or Off excludes the device from any changes made at its parent level.

Manually run a Risk Intelligence Scan

After the Risk Intelligence Automated Tasks are downloaded to the device and synchronized with the All Devices view, they can be run manually from the All Devices view(this allows you to run Tasks outside of the policy schedule).

  1. On the All Devices view North-pane, select the target device.
  2. Go to the Tasks tab.
  3. Right-click the Risk Intelligence Automated Task and select Run Automated Task .

Risk Intelligence dashboard

The Risk Intelligence dashboard hosts the scan results and reports.

To access the Risk Intelligence dashboard:

From here you can configure scans, view scan results and review reports.

View Scan Results

After the Risk Intelligence Automated Tasks are complete, they upload their information to the All Devices view and the Risk Intelligence dashboard. The All Devices view displays the Automated Task status, and the Risk Intelligence dashboard contains the scan results under "View and Manage", "Scan Results".

Click Scan Results to view the scan information for each device. To customize the table layout, click on Select Columns then choose the columns to display. Use shift and left-click to select a range or Control and left click to choose specific items.

Reports

The Risk Intelligence Reports section provides summary information and analytics for each Client based on the scan results of its associated devices. To open the Risk Intelligence Reports, from the All Devices view select Reports > Risk Intelligence Reports and then choose the report type.

The HTML reports available for a Client depend on the scans configured on their devices.

These are split into two types:

  • Trend Reports contain the cumulative scan results from all scans during the selected time frame.
  • Baseline Reports provide information on the scan results from each device’s last scan of that type.

From here you can drill down into the scans that comprised this report.

Disable Risk Intelligence

Where Risk Intelligence is no longer required you can switch it off for all devices based on type, at the Client or Site level of on specific devices.

By default, policies are inherited from the parent. Devices inherit policies from the site, sites inherit policies from the Client, Clients, in turn, inherit the policy setting for all servers and workstations.

Multiple Devices

  1. On the All Devices view, select Settings > Risk Intelligence > Settings.
  2. Select the Entity type. You can select all servers and workstations, or servers and workstations at specific clients and sites.
  3. Choose Off from the Settings drop-down, or Use Parent where the entity's parent setting is Off.
  4. Select OK to exit and save changes.

Individual Device

  1. On the All Devices view North-pane, right-click the device and select Edit Server or Edit Workstation.
  2. Go to Risk Intelligence.
  3. Choose Off from the Settings drop-down, or Use Parent where the device's parent setting is Off.
  4. Select OK to exit and save changes.