🏥Identity Posture Score

The Identity Posture Score is a single score calculated for your organization to help you quickly and easily determine areas of focus that will improve your organization's overall identity security hygiene. Scores range from 0 to 100, and from very weak to very good - the higher the score, the better your organization's security posture.

Additionally, recommendations on how to improve your organization's identity posture are provided in order of impact to the score, so you can easily determine which identity security hygiene gaps to prioritize.

The Identity Posture Score is determined based on a number of criteria including integrations connected, number of users impacted by a check, check severity, user context and other factors. See Calculation of Identity Posture Score for detailed information on how the score is determined and the thresholds associated with each score category.

You can see more information about your organization's current Identity Posture Score, as well as the score's trends over time, on your Dashboard.

Why should I fix my organization's identity posture?

Think of your organization as a house. You make sure all the doors are closed and locked before you leave. Someone decides to break into your house and will try to get through the doors first. When they realize all of those are locked, they try the windows next. But wait... you didn't check the windows!

Identity attacks are similar. A bad actor will try to use the easiest path first, like guessing the password of accounts with no MFA configured. If that doesn't work, they'll try cleverer approaches, like MFA phishing or session theft, to try and gain access to your system. One thing is for certain - while the attack technique might change, the attacks themselves will not stop.

This house example is why its so critical to address postural issues within your organization. With good identity security posture, when a threat comes in (because we know they will come in), you have some peace of mind knowing that the basic protections are in place to ensure your organization is less likely to get "broken into". You've made sure all the doors AND windows are locked, by requiring basic MFA methods and cleaning up inactive accounts. As your organization's identity security posture matures, you then take more advanced steps to protect it, like enforcing stronger MFA methods and reducing session lengths. Improving your organization's identity posture won't stop the attacks from coming, nor will it stop a very determined bad actor who is willing to try everything possible to gain access. But it does ensure that the attacks that come in are generally less risky because the right precautions and measures were put into place.

And when you're ready, you can use also Cisco Identity Intelligence as your home alarm system, to monitor and alert on any potentially malicious end user behavior or threats that should be investigated.

Dashboard widgets

Two widgets related to Identity Posture score can be found on the Dashboard. To read more about the widgets, please see our Dashboard documentation for detailed information about each visualization.

Calculation of Identity Posture Score

Cisco Identity Intelligence weighs several factors together in a proprietary algorithm to produce an Identity Posture Score for each organization, which ranges from 0 to 100 and is categorized in distinct thresholds, where a score of:

• 0 - 39 is considered Very Weak

• 40-59 is considered Weak

• 60-79 is considered Neutral

• 80-89 is considered Good

• 90-100 is considered Very Good

An Identity Posture Score will be calculated based on the data available in your organization's tenant. The more data available from different integration instances, the more accurate your score will be. The factors used in this algorithm include the following:

• Severity levels of specific failed checks: Check severity levels are based on the severity assigned by known attack frameworks such as NIST, MITRE ATT&CK, etc and the potential risk associated with particular hygiene issues. Critical severity issues are weighted more heavily than low severity issues

• Scale of a specific posture issue: Determined by looking at the number of users failing specific posture based checks

• User Context: Specific checks related to MFA were split into subcategories to assign higher priority to posture issues among Priority users, who are higher risk and more sensitive than other users. Priority users are those listed as Integration Instance Admins and/or Executives

Other factors also impact your Identity Posture score such as:

• Disabled checks: Checks that are included as part of the Identity Posture Score calculation but have been disabled in your tenant will negatively impact your score. A perfect score (100) cannot be achieved without enabling all checks that are part of the Identity Posture score calculation

• Integration Instance configuration:

  • As mentioned above, the more integration instances that are connected in your tenant, the more data that is available to contribute to the Identity Posture score calculation. The more data available, the more accurate your organization's score will be. For this reason it is important to set up all available integration instances that exist for your environment. To learn more about what data integrations are available and how to configure them, refer to Integrations

  • It is important to connect your organization's HRIS data to your tenant, as it is a critical component of the Identity Posture Score. A perfect score (100) cannot be achieved without connecting an HRIS system (Workday) or manually uploading HRIS data in your tenant, as this data is critical to identity mapping, data hygiene and enables specific checks that are part of the overall score calculation

  • Because of Identity Intelligence's data ingestion methods, connecting a new integration to your tenant will temporarily increase your score for 7 days while the new data collection settles. After the data has collected and normalized, you may notice a decrease in your score based on the new data collected and the associated posture issues of your users

How can I improve my organization's Identity Posture Score?

To improve your organization's score you should refer to the recommended actions, which can be found in the widget with your organization's current Identity Posture Score. Each recommended action will provide high level guidance on what step(s) needs to be taken to review and/or remediate each user that is detracting from your organization's score because of check failures.

Click the number of users in this widget to go to the Users page where you can review each user that is impacting your posture score to determine if:

• the end user needs to make a change to their account (Ex: configure any form of MFA, stop forwarding emails, externally, etc) so that you can contact them directly and remediate the problem

• the end user's account(s) should be deleted (Ex: this user no longer exists or needs this account)

• there is a specific mitigating control in place that can allow an end user to be excluded from a particular check so that they are no longer failing the check for a specified window of time

• a check's configuration settings need to be tuned to better align with your organization's processes and policies (Ex: the default setting for the Inactive Users check is 30 days, when your organization's process is 90 days). To configure a check's settings, navigate to the check you'd like to modify. If Check Settings are available for that particular check, it will be located in the top right corner of the Check page, and select Custom Detection Settings. Note that not all checks have settings that can be modified