Risk engine
Intelligent brain of risk analysis
  • Weak ability to proactively identify risks

    Weak ability to proactively identify risks

    Enterprises can usually only deal with security events after they occur, and the security events that have already occurred may have caused irreparable damage to the enterprise, who lacks the ability to detect and warn of risks in advance.

  • Lack of in-event control tools

    Lack of in-event control tools

    When a security event occurs, it is difficult to locate the location and initiator of the event, while lacking the corresponding control means to immediately suspend the event.

  • Difficult to trace and analyze afterwards

    Difficult to trace and analyze afterwards

    For security events that have occurred, especially when the scope is wide, it is difficult to link the data of all parties to form an effective tracking chain, making it hard and inefficient  to trace, and it is also difficult to respond and remedy quickly.



The risk engine is an enhanced component of the ‘Converged Authentication Service’, which acts as the "brain" of the Converged Authentication Service to analyze risks, inform organizations of potential risks in access control in real-time by designing risk blocking mechanisms, and achieve intelligent risk prevention in advance. Based on pre-defined risk management rules, the risk score of any access can be calculated in real-time to control user access to metadata (time, place, habit, account, relationship, behavior, permission, etc.). 

Applying this context-based level of behavioral risk management, collecting users' daily log-in system operation behaviors and usage habits, continuously learning their behavioral characteristics in-depth, and actively collecting user behavior-related data for modeling based on this computational model. Through the collection and cleaning of the organization's user access metadata, the user's access behavior is evaluated in real-time and comprehensively, and when the system detects anti-fraud risks, the risks are actively blocked to ensure the security of user access.


  • Big data platform

    The risk engine is based on the big data platform, and adopts Hadoop, Spark, Streaming, ELK, ETL and other technologies, which can continuously gather massive data of IAM system and enterprise resources nodes, and support the establishment and continuous optimization of risk models.
  • Flexible data collection

    Provide a variety of flexible collection means for real-time data and non-real-time data, provide data collection and adaptation functions, and flexibly collect different data from different data sources through configuration; Provide data collection monitoring function to monitor data collection.
  • Intelligent risk analysis model

    The relevant technologies in the field of artificial intelligence are used to deeply mine all kinds of collected data, establish corresponding risk models from multiple dimensions, and continuously train the models in the process of data accumulation to ensure that risk identification is more scientific and accurate.
  • Dynamic access control

    Combining with BAM to realize the dynamic risk detection of users' access behavior, it dynamically adjusts security policies for risky access behaviors, such as scheduling secondary authentication, blocking, etc., providing a safe and fast channel for normal access behaviors, and realizing the balance between security and convenience.
  • Extensible risk strategy base

    In addition to the built-in ability of general support and flexible expansion, the platform risk strategy base can customize the risk model, risk rules and risk treatment strategies that meet the needs for specific businesses and scenarios of enterprises.
  • Risk output

    Through the platform's standard interface or SDK, risk detection related services are exported to the outside world. Through empowerment, the risk detection capability is extended to the use scenarios of various applications, terminals and equipment, and the overall security of enterprise information assets is improved at a lower cost.


  • Risk Monitoring dashboard


    Provide a digital dashboard of all kinds of risk information, showing platform risk monitoring information from multiple dimensions such as account, application, scenario, behavior and warning, and updating risk dynamics in real time so that managers can understand the overall risk situation of the platform in time.

  • Risk detection scenarios


    The platform supports risk detection of login, authentication, business operation and other scenarios of various information resources such as B/S applications, C/S applications, mobile applications, PC desktops and devices.

  • Preset risk models


    The platform is pre-set with common risk models and related risk rules, such as risks of off-site login, non-trusted devices, infrequently-used IPs, non-habitual behaviors, etc., which can meet the risk detection needs under usual access scenarios.

  • Risk Analysis Dimensions


    The platform collects relevant data from multiple dimensions to ensure the reliability and accuracy of risk analysis, and conducts comprehensive risk analysis on devices, locations, time, resources, authentication, behaviors, environment, permissions, etc.

  • UEBA View


    Provide UEBA analysis view to provide statistical analysis from multiple aspects such as access distribution, location distribution, device distribution, risk distribution, authentication preference, failure reason, login ranking, active users, etc. to assist enterprises understanding user behavior, platform load capacity and risk trends for decision making.

  • Risk Audit


    Provide visualization of risk audit of information query to facilitate managers to track risk events in detail and realize risk closed-loop examination for the time and location of risk events, risk account details, risk handling process, risk confirmation and elimination.



Based on deep learning technology, the platform calculates the risk of access control, controls users' access metadata (time, location, habits, accounts, relationships, behaviors, permissions, etc.), and actively collects data related to users' behaviors based on the calculation model to model. In the aspect of unified data query and display, the risk engine also provides the ability of data visualization and unified data query based on some open source technologies.RDS.jpg


  • Risk Data Collection

    Based on Beat + Logstash + Elastic Search in Elastic Stack system to collect and store log data of Bamboocloud products, it is currently built-in to collect logs of Bamboocloud Unified Authentication Platform + Integration Authentication products. It also has the ability to collect business system logs on demand itself.

    Risk Data Collection
  • Risk judgment services

    Provide different risk analysis services for specific scenarios, combined with the "Integration Authentication Service," it can make the multi-factor authentication capability of the Integration Authentication Service intelligent. If used independently, it can also provide risk identification for applications and provide the judgment basis for abnormal behavior processing.

    Risk judgment services
  • Risk rule management

    Provide the ability to customize the risk rule module flexibly, and configure the corresponding risk policy of the risk rule module and risk rule in a visual way. Let a risk rule can serve a variety of scenarios, and each scenario can use a different risk policy.

    Risk rule management
  • Channel Management

    It is used to establish the relationship of application, business points in the application and risk rules, and provide risk judgment services to the outside world with scenarios as service units, and can do operations such as adding, deleting, enabling, disabling, modifying, querying, associating risks, and risk association display for channels and scenarios.

    Channel Management