Risk Management – Bitdefender TechZone

Abstract

Enhance your cybersecurity defences. Identify and mitigate security risks, prioritize vulnerabilities, and protect your business from devastating cyberattacks.

Remote, cloud, and on-premise environments introduce new security challenges due to misconfigured settings, software vulnerabilities, and complex IT environments. Human error remains a significant risk factor.

To effectively mitigate these risks, organizations must prioritize ongoing, proactive risk management across all processes. By consistently identifying, assessing, and addressing security threats, you can significantly strengthen your cyber resilience. This continuous approach protects sensitive data, ensures business continuity, and builds trust with customers and stakeholders.

Bitdefender Risk Management

With Bitdefender Risk Management, you can proactively secure your organization by gaining a clear and easy-to-understand view of your risks, along with relevant remediation actions. This powerful tool helps you manage risks through a clear, four-step process that forms a continuous cycle:

  1. Identify Risks: Detect and catalog all potential security threats across your organization's digital landscape.

  2. Analyze and Prioritize: Conduct a detailed assessment of each identified risk to measure its potential impact and likelihood, enabling you to prioritize the most critical threats effectively.

  3. Address Risks: Create targeted strategies to mitigate, reduce, or accept each risk, depending on its severity and likelihood. This could involve patching vulnerable applications, isolating endpoints, creating watchlists to monitor specific devices or users, or selectively ignoring certain low-priority risks.

  4. Track and Review: Continuously monitor the effectiveness of your risk mitigation strategies, making necessary adjustments to ensure ongoing protection.

Risk Management Diagram

Risk Management with GravityZone

With GravityZone Risk Management, you can gain a comprehensive overview of your organization's attack surface, enabling you to identify and mitigate risks across endpoints, applications, user behavior, and cloud environments.

Endpoint Misconfigurations & Vulnerabilities helps you identify misconfigurations on Windows and Linux operating systems, including issues with local and group policies, computer configuration settings, and application vulnerabilities. The vulnerability findings give you visibility into applications installed on managed endpoints that have been identified as containing security risks associated with the Common Vulnerabilities and Exposures (CVE) system. You can find more information in the Endpoint Risk Management article.

User Behavior Risk helps you track end users' activity on Windows computers that could potentially compromise your organization’s security. This functionality is covered in detail in the User Risk Management article.

Cloud Security Posture Management helps you verify risks associated with cloud assets on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. You can find more information in the Cloud (CSPM+) article.

Proactive Hardening and Attack Surface Reduction (PHASR) proactively hardens your systems by analyzing user behavior to prevent "Living off the Land" attacks and targeted threats. It uses anomaly detection to enable tailored, application action-level blocking, reducing your attack surface without disrupting operations. You can find more information in the Proactive Hardening and Attack Surface Reduction (PHASR) article.

External Attack Surface Management (EASM) helps you continuously discover and analyze internet-facing assets and their vulnerabilities, providing an attacker-centric view to proactively reduce your attack surface. You can find more information in the External Attack Surface Management (EASM) article.

Compliance Manager streamlines regulatory adherence by mapping IT controls to standards like GDPR, ISO 27001, and NIS2, offering real-time endpoint evaluations, actionable remediation steps and recommendations, and audit-ready reports. You can find more information in the Compliance Manager article.

Risk Management Configuration

To activate Risk Management, navigate to the Policies configuration within your settings. Here, you can schedule automated risk scans, ensuring your endpoints are regularly assessed without manual intervention.

You can run on-demand scans whenever you need by selecting specific endpoints from the Network page and then initiating a Risk Scan task from the Tasks menu. On-demand scans can also be initiated using the Scan button from the Risk Management grids.

Risk Management Reporting

The Risk Management Dashboard delivers an intuitive risk assessment score, allowing you to swiftly pinpoint which systems or users are at the highest risk.

Risk Management Dashboard

The Company Risk Score represents the overall risk level your organization faces due to factors such as misconfigured system settings, known vulnerabilities in applications, and user behavior. The Score Over Time graph tracks these changes on a daily basis. To check how the company risk score is calculated, click here. When the administrator executes an Ignore action on a risk, that risk is removed from the overall company risk score calculation.

The Health Industry Modifier provides information about vulnerabilities and exposures (CVEs) discovered in your environment that have already been exploited among other organizations within the same industry, and dynamically adjusts the Company Risk Score accordingly.

Your industry can be defined in the My Company details section in the Industry field.

Incident Advisor with the Risk Management Component

During a security incident, it's essential to stop the attack and identify its source. GravityZone Incident Advisor was designed to minimize the time required to investigate and contain threats. Its Associated Risks widget not only pinpoints the root causes that led to the incident but also reveals all related security risks, enabling you to address them and prevent future breaches. This widget summarizes risks linked to incident-related entities and includes:

  • A graphical representation of the distribution of risks among the various resource types associated with the specific incident.

  • A list of all root cause risks detected for this incident.

  • The top five risks identified by the Endpoint Risk Management and User Risk Management features, and the top five risks identified by Cloud Security (if Cloud Security is licensed and engaged in the incident).

Associated Risks Widget

For example, if a root cause of the incident was a user sending their credentials over unencrypted communication, Risk Analytics will report it along with a list of all detected root cause risks for this incident and the top five most severe risks affecting node and resource types, as identified by User and Endpoint Risk Management and Cloud Security.

Recommended Content

To learn more about the technologies included in Risk Management, we recommend reading the next article, Endpoint Risk Management.

More Resources

Bitdefender Risk Assessment official website: Endpoint and Human Risk Assessment

Bitdefender Risk Management whitepaper: A Guide to Effective Cybersecurity Risk Management

Bitdefender Risk Management Guided Tour: Risk Management Guided Tour