What is considered an "Abnormal" activity in Beacon? (a BIG concern for a large customer)

Ran Lavi
Contributor
October 21, 2023

This is a question to Atlassian Beacon Product Manager:

We have a very large Data Center customer with about 25K users, that wants to go to the cloud but has very big concerns with it.

One of the ways to mitigate the infosec risks that this customer raises is to show him the capabilities of Atlassian Beacon.

The customer says that he cannot say that Beacon really reduces the infosec risks, because it is not clear what is "Abnormal activity". There are no documented parameters/criteria/thresholds that can explain what Beacon considers as an Abnormal activity.

Can you explain what we can say to this customer? What are the criteria for considering an activity as Abnormal?

1 answer

0 votes
Audrey Garcia
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
October 27, 2023

The majority of Beacon detections are triggered by specific user and admin actions, such as alerting when an Org admin is added or when a Confluence site is made public. Detections that trigger on “abnormal” activity are designed to bring attention to activity that appears to be automated, or from activity that varies significantly from standard use in terms of volume and speed. These detections have adjustable thresholds so that Beacon admins and Atlassian administrators can tune the sensitivity that best matches their organization and tolerance for risk. We ran statistical analyses across multiple organizations of various shapes and sizes, and set static thresholds based on the 99.9th percentile behavior patterns for viewing pages, viewing issues and exporting. Hope that helps, let us know if you have additional questions!

Ran Lavi
Contributor
October 27, 2023

Ok, thank you

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events