Risk Management – Bitdefender TechZone

With GravityZone Risk Management, you can gain a comprehensive overview of your organization's attack surface, enabling you to identify and mitigate risks across endpoints, applications, user behavior, and cloud environments.

Endpoint Misconfigurations & Vulnerabilities – helps you on Windows and Linux operating systems, identify misconfigurations, including issues with local and group policies, computer configuration settings, and application vulnerabilities. These vulnerabilities provide visibility into applications installed on managed endpoints that have been identified as containing security risks associated with the Common Vulnerabilities and Exposures (CVE) system. More information you can find in the Endpoint Risk Management article.

User Behavior Risk helps you track end users' activity in Windows computers that could potentially compromise your organization’s security. This functionality is covered in detail in the User Risk Management article.

Cloud Security Posture Management helps you verify risks associated with cloud assets on Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure. More information you can find in the Cloud (CSPM+) article.

Proactive Hardening and Attack Surface Reduction (PHASR) proactively hardens your systems by analyzing user behavior to prevent "Living off the Land" attacks and targeted threats. It uses anomaly detection to enable tailored, application action-level blocking, reducing your attack surface without disrupting operations. More information you can find in the Proactive Hardening and Attack Surface Reduction (PHASR) article.

External Attack Surface Management (EASM) helps you continuously discover and analyze internet-facing assets and their vulnerabilities, providing an attacker-centric view to proactively reduce your attack surface. More information you can find in the External Attack Surface Management (EASM) article.

Compliance Manager streamlines regulatory adherence by mapping IT controls to standards like GDPR, ISO 27001, and NIS2, offering real-time endpoint evaluations, actionable remediation steps and recommendations, and audit-ready reports. More information you can find in the Compliance Manager article.

To activate Risk Management, navigate to the Policies configuration within your settings. Here, you can schedule automated risk scans, ensuring your endpoints are regularly assessed without manual intervention.

Whenever you need, you can run on-demand scans by selecting specific endpoints from the Network page. Once selected, you can initiate a Risk Scan task from the Tasks menu. On-demand scans can also be initiated using the Scan button from the Risk Management grids.

Available under the Monitoring section in the ASM Dashboard tab, the Risk Management Dashboard provides a comprehensive overview of your network security and risk assessment. The dashboard offers a customizable layout with resizable and rearrangeable widgets, allowing you to tailor the view to your needs. Within these widgets, you can pivot to view detailed information on:

The Company state widget represents the overall risk level your organization faces. It is calculated based on factors such as misconfigured system settings, known application vulnerabilities, and user behavior, with each contributing to the final score. You can track these changes daily with the Score Over Time graph. Ignoring a risk action executed by the administrator removes the risk from the overall company risk score calculation. The Industry Modifier parameter provides crucial information about vulnerabilities and exposures (CVEs) discovered in your environment that have already been exploited by other organizations within the same industry. Your industry can be defined in the Industry field within the My Company details section:

To find the top risks related to vulnerabilities, you can use widgets that are categorized by severity and impact. This will help you identify the most critical issues at a glance and understand their potential effect on your network. Key widgets for this include Top vulnerabilities by severity and Top vulnerabilities by impact.

If you want to focus on the security of specific users and resources, the dashboard provides a clear overview of identity-related risks and a breakdown of your scanned environment. Useful widgets for this are Top identities at risk and Top resources involved in incidents.

For a general overview of all security findings, you can leverage widgets that provide high-level summaries. These widgets help you quickly grasp the most prevalent issues across your environment. Relevant widgets include Top findings by severity and Top findings by impact.

During a security incident, it's essential to stop the attack and identify its source. GravityZone Incident Advisor was designed to minimize the time required to investigate and contain threats. Its Associated Risks widget not only pinpoints the root causes that led to the incident but also reveals all related security risks, enabling you to address it and prevent future breaches. This widget summarizes risks linked to incident-related entities and includes:

For example, if the incident occurred because a user used his credentials in unencrypted communication, which was a root cause of the incident, Risk Analytics will report it along with a list of all detected root cause risks for this incident and the top five most severe risks affecting node and resource types, as identified by User and Endpoint Risk Management and Cloud Security.