Endpoint Risk Management – Bitdefender TechZone

Abstract

Endpoint Risk Management identifies and mitigates resource findings (misconfigurations) and vulnerabilities, providing insights into risks, affected resources, and remediation actions.

Endpoint Risk Management allows you to identify misconfigurations on Windows and Linux operating systems, including issues with local and group policies, computer configuration settings, and application vulnerabilities. Application vulnerabilities give you visibility into applications installed on managed endpoints that have been identified as containing security risks associated with the Common Vulnerabilities and Exposures (CVE) system. Through the analysis of the risk details, we provide you with a clear understanding of the risk, along with remediation actions, including deploying patches using the Patch Management module.

To make sure the Endpoint Risk Management module is activated, read our Risk Management configuration article.

Risk Management Dashboard

The Risk Management Dashboard provides a comprehensive overview of all resource risks, offering insights into:

  • Scanned Resources: Displays the total number of endpoints scanned and monitored to gather the data presented on the dashboard.

  • Top Findings: Highlights the 15 most common misconfigurations that triggered risk alerts, ranked by the number of affected devices.

  • Top Vulnerable Apps: Lists the 15 most frequent application vulnerabilities that triggered risk alerts, ranked by the number of affected devices.

  • Servers by Severity: Categorizes detected server risks by severity level.

  • Workstations by Severity: Categorizes detected workstation risks by severity level.

  • Top Resources at Risk: Identifies the five devices within your organization that pose the highest risk.

Detailed information about the Risk Management Dashboard can be found at our Bitdefender Support Center here.

Findings

The Findings page presents a comprehensive list of all risk indicators, including risk score, number of affected devices, misconfiguration type, and mitigation type. For a complete list of detectable findings categorized by operating system, please visit our Bitdefender Support Center here.

Note

With a CSPM+ license, the Findings section now includes findings associated with Bitdefender Cloud (CSPM+).

Utilize existing views or create and save your own predefined searches. The Filters section allows you to customize the misconfigurations that are displayed.

The CIS compliant section allows you to view all misconfiguration risks associated with the CISv8 compliance standard. If a finding was ignored and removed from the overall company risk score calculation, you can check its actual status in the Ignored section. The Watchlist section helps you track high-priority findings, such as those associated with an incident.

You can export the current findings status to a CSV file for import into a third-party solution or to demonstrate the progress and value of your risk management efforts.

Findings Remediation

The side panel provides comprehensive information beyond general details. It includes in-depth information about the misconfiguration, compliance standards, and all available risk mitigation actions:

  • Automatic Mitigation: Create a task to automatically mitigate the issue by changing the configuration.

  • Manual Mitigation: Specific threats may require manual intervention. You can find detailed steps for fixing the risk in the Risk Mitigation section.

  • Ignoring a Risk: You can temporarily remove the risk from the list if it cannot be resolved. This action will remove the findings from the overall company risk score calculation. You can always restore the ignored risk.

  • Roll back fix: You can revert one or more fixes applied to findings and resources.

The Resources section in the side panel lists all devices in your organization where the selected misconfiguration exists. Selecting any of the devices displays a list of affected resources. To view detailed information about these resources, you can use:

  • View Incidents: This link takes you to the Incidents page, where it displays all EDR and XDR incidents associated with this misconfiguration.

  • View Events and Alerts: This link takes you to the Search page, where it displays all EDR and XDR events and alerts associated with this misconfiguration.

Detailed information about Findings can be found at our Bitdefender Support Center here.

Vulnerabilities

The Vulnerabilities section provides you with information about all vulnerable applications discovered on managed devices in your environment after scanning. You can check their severity level, the number of known CVEs per application, the number of affected devices, and whether those vulnerabilities are actively exploited in your industry.

You can utilize existing views or create and save your own predefined searches. The Filters section allows you to customize the vulnerabilities that are displayed.

If a risk was ignored and removed from the overall company risk score calculation, you can check its actual status in the Ignored section. The Watchlist section helps you track high-priority vulnerabilities, such as those involved in incidents.

You can export the current vulnerabilities status to a CSV file for import into a third-party solution or to demonstrate the progress and value of your risk management efforts.

Vulnerabilities Remediation

The side panel provides you with general information such as the type of application, the risk score of the vulnerability, and whether any detected vulnerabilities target your industry. It also provides information on the steps required to fix the risk, facilitating the risk mitigation process:

  • Patch App: This option automatically updates the app to the latest available version that fixes the vulnerability.

  • Ignore Application: Ignore the selected vulnerable application.

The Resource section provides you with a list of devices where this risk has been detected. It includes information such as registry keys or paths. The Device section provides you with a list of devices where this risk has been detected. It includes information such as registry keys or paths.

The CVE ID section lists all CVEs related to this application. Selecting a CVE opens the following in a new browser tab:

  • The official NIST page with the CVE.

  • The Device section with predefined filters to list all devices affected by the CVE.

Detailed information about Vulnerabilities can be found at our Bitdefender Support Center here.

Resources

You can view all scanned servers and workstations under your management. It provides detailed information about their name, severity level, device type, and the number of risks affecting them.

Note

With a CSPM+ license, the Resources section includes integrated Bitdefender Cloud (CSPM+) resources.

You can utilize existing views or create and save your own predefined searches. The Filters section allows you to customize the devices that are displayed.

If a resource was ignored and removed from the overall company risk score calculation, you can check its actual status in the Ignored section. The Watchlist section helps you track high-priority devices, such as those involved in incidents.

The Resources section allows you to automatically isolate a device, for example, when it's involved in an incident with a high misconfiguration score and an unpatched critical vulnerability.

You can also check all information about misconfigurations and vulnerabilities that exist on selected endpoints. Additionally, you can view all events, alerts, and incidents where the selected machine was involved.

Detailed information about Resources can be found at our Bitdefender Support Center here.