Skip to content
English
More support Sign in
Contact us
  • There are no suggestions because the search field is empty.

Unify - Impact Modifiers

Setup Impact Modifiers to adjust the weight of inherent risk based on roles, access, tenure, and other account attributes when calculating HRI. 

  1. What is an Impact Modifier? 
  2. Who do Impact Modifiers apply to? 
  3. How are they weighted? 
  4. How do they affect HRI?
  5. What are the default weights? 
  6. How do I assign Impact Modifiers? 
  7. Request Impact Modifiers for your tenant 

 

❓What is an Impact Modifier?

Unify calculates HRI with a probabilistic model to determine the likelihood of risk when an insight is detected based on their risk profile. Impact modifiers can be applied to adjust the impact of role-based risk by assigning weight levels (none, low, medium, and high) to identity groups. 

👤 Who do Impact Modifiers apply to?

Impact Modifiers can be assigned to any identity group based on an attribute in their risk profile. They're customizable based on your company policies for the risk impact of certain identity profiles. You can declare Impact Modifiers for any identity group including, but not limited to, the following:

  • Active Employee
  • Contractor
  • Elevated Access
  • Executive
  • Leaver
  • Recent Hire
  • Performance Improvement Plan
  • Remote Employee
  • Member of the SOC / Security Team
  • Access to Sensitive Data
  • Tenured Employee

🏋️ How are they weighted?

Each impact modifier is assigned one of the following weights: NONE, SMALL, MEDIUM, LARGE. The weights control how much the likelihood of risk is increased for identities associated with that modifier. The weights are adjustable for each individual client and differ based on the insight detected. 

Take this example for Elevated Access: 

  • LOW - elevated access employees only has access to emails (non-sensitive info). Even if their behaviors are risky, the data compromised is not sensitive 
  • HIGH - elevated access employees have access to SSN and Credit Card numbers which is highly-sensitive info. If their behaviors are risky, the data compromised is highly sensitive information 
  • NONE  - if elevated access employees have no risky insights detected


📊 How do they affect HRI?

Impact modifiers adjust the HRI based on which (and how many) of the modifiers are active for an identity when risky behavior is detected. There is no “inherent risk” given to an identity associated with an impact modifier, so the modifiers only increase the likelihood of risk when some potentially risky behavior is observed.

For example, an identity with “Elevated Access” but no risky insights detected would have the same HRI as any other identity with no risky insights detected (irrespective of their modifiers). However, if there are two identities with the same risky insights detected, one with the “Elevated Access” modifier and the other with no modifiers, the identity with elevated access will have a lower HRI, indicating more human risk.

Examples of HRI impact when 'Elevated Access' Impact modifier is applied and detected for the following insights: 

Phish Clicked + Malicious Website                  Training Overdue: 

Impact Modifier

HRI

HRI Impact

NONE

178

0

SMALL

158

20

MEDIUM

146

32

LARGE

132

46

Impact Modifier

HRI

HRI Impact

NONE

463

0

SMALL

455

8

MEDIUM

448

15

LARGE

435

28

 

 

 

 

 

⚖️ What are the Default Weights for Impact Modifiers? 

Below is a list of impact modifiers and their default weights. 

Each of the Impact modifiers can be updated manually through the Unify API or automatically. Note that the Active and Tenured Employee impact modifiers are inferred from data, meaning Unify will assign these impact modifiers automatically based on each identity’s observed data.

Modifier

Default Weight

Inferred Logic

Active Employee

NONE

The Identity has activity in the past 30 days.

Contractor

MEDIUM

  

Elevated Access

LARGE

  

Executive

LARGE

  

Leaver

LARGE

  

Recent Hire

SMALL

  

Performance Improvement Plan

LARGE

  

Remote Employee

SMALL

  

Member of the SOC / Security Team

SMALL

  

Access to Sensitive Data

MEDIUM

  

Tenured Employee

NONE

The identity has a hire_timestamp of more than 3 years ago.

🎯How do I assign an Impact Modifier?

Designating an Impact Modifier requires assistance of LS resources. In order to apply an Impact Modifier you will need to provide us with 4 key pieces of information:

  1. Which Impact Modifier you want applied from the list of options can be found here.
  2. What level of weighting you want applied to the behaviors and events of these identities (None, Small, Medium, Large)
  3. What is the data source? Examples include: Workday, Microsoft Graph API, Okta, or your preferred source of Identity attributes being fed to Unify.
  4. What attribute, value, or characteristics should we key off of?
    1. What characteristics need to be met for this to be applied? A specific string text or day count calculation are the most common options.

An example of the information needed is below:

Impact Modifier Weight Source: Workday Key Value
Contractor Medium employeeType 'CT' or 'CW'
New Hire Small originalHireDate <120 days

❓Request Impact Modifiers for your Unify Tenant

Step 1: Complete the impact modifier request form 

Step 2: Submit the form as a support request here