For ZTNA Collectives connected to or hosted in the Zero Trust Platform (ZTP), the Risk Engine continuously calculates the risk level of end-users and devices. The Risk Engine is a ZTP-exclusive capability.
To calculate risk levels, the Risk Engine uses two categories of data:
ZTNA Collective data, such as OS information, MAC addresses, hostnames, and IP addresses
Context data collected from third-party security products and services, integrated into ZTP through adapters built and maintained by AppGate
AppGate ZTNA uses this data to dynamically assign entitlements according to your security policy.
The Risk Engine supports three configuration approaches:
Default policy assignments — Establish a risk model using default policy assignments. This approach is appropriate for general security settings. For more information, see Configuring a new risk rule.
Specific security conditions — Configure targeted conditions for customized security needs.
Custom scripts — Use a custom script to collect data and context conditions from multiple sources to determine complex, highly customized risk levels.
NOTE
The Risk Engine does not calculate risk levels for Portal-based access scenarios.
The Risk Engine returns the calculated risk level to AppGate ZTNA. The configuration described in this section defines where the ZTP retrieves data and how it maps that data to calculate the risk level. AppGate ZTNA determines how the risk level is used after it is computed and returned.
For information on configuring specific security conditions or using a custom script, see the AppGate ZTNA Admin Guide.