This is a question to Atlassian Beacon Product Manager:
We have a very large Data Center customer with about 25K users, that wants to go to the cloud but has very big concerns with it.
One of the ways to mitigate the infosec risks that this customer raises is to show him the capabilities of Atlassian Beacon.
The customer says that he cannot say that Beacon really reduces the infosec risks, because it is not clear what is "Abnormal activity". There are no documented parameters/criteria/thresholds that can explain what Beacon considers as an Abnormal activity.
Can you explain what we can say to this customer? What are the criteria for considering an activity as Abnormal?
The majority of Beacon detections are triggered by specific user and admin actions, such as alerting when an Org admin is added or when a Confluence site is made public. Detections that trigger on “abnormal” activity are designed to bring attention to activity that appears to be automated, or from activity that varies significantly from standard use in terms of volume and speed. These detections have adjustable thresholds so that Beacon admins and Atlassian administrators can tune the sensitivity that best matches their organization and tolerance for risk. We ran statistical analyses across multiple organizations of various shapes and sizes, and set static thresholds based on the 99.9th percentile behavior patterns for viewing pages, viewing issues and exporting. Hope that helps, let us know if you have additional questions!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.