The Privilege Zones feature is available under early access.

Key concepts

Review these key concepts before exploring Privilege Zones. You can find detailed explanations for each concept in the articles throughout this section.

| Concept | Description | Used in Risk Analysis |
|---|---|---|
| Zone | A group of objects representing the hierarchy of control across all domains in an environment (based on access level) | |
| Label | A flexible way to categorize objects within a zone (or across zones) for easier searching and filtering | |
| Rule | A set of instructions that associates objects with zones and labels, based on object types, relationships (expansion), or Cypher queries | |
| Tagging | The process of associating objects with zones and labels using rules | |
| Certification | [BHE only] An optional process to interrupt automatic inclusion of additional objects in a zone by requiring manual certification of the additional objects | |

By default, you can create up to two additional zones to match your organization’s security model. If you need to create more zones, contact your account manager.

Features

The Privilege Zones page provides the following tabs:

- Zones: A group of objects that represent the hierarchy of control across all domains in an environment based on access level
- Labels: A flexible way to categorize a group of objects in a single zone (or across multiple zones) for easier searching and filtering
- Certification [BHE only]: An optional process to interrupt automatic inclusion of additional objects in a zone by requiring manual certification of the additional objects
- History: An audit log of changes made to your zones and labels over time