Skip to main content

Security Risks

This page displays all the risks, affected devices, and vulnerable users discovered in your environment after running a Risk Scan task.

iorSecurityrisk.png

The indicators of risk are displayed in a fully customizable grid formation with complex filtering options:

  1. Select the company under your management to analyze and mitigate the risks impacting it.

  2. Select which category to investigate:

  3. Use these action buttons to customize your grid:

Each indicator entry is listed in a rich card format, providing an overview of each indicator of risk, with information based on the selected filters.

Misconfigurations

The Misconfigurations tab displays by default all the GravityZone indicators of risk. It provides detailed info of their severity, number of affected devices, the misconfiguration type, mitigation type (manual or automatic), and status (active or ignored).

To fix multiple misconfigurations at once:

  1. Select the master check box or individual boxes of indicators of risk to select them.

    iorFixMultipleRisks.png
  2. Click the Fix Risks button.

    A new window pops up where you need to confirm the action, or cancel it.

  3. A new task is created to apply the recommended setting on all affected devices.

    Note

    You may check the progress of the task in the Network > Tasks page.

    If the indicator of risk can be mitigated only manually, you need to access the affected devices yourself and apply the recommended configuration.

To change the status of misconfigurations:

  1. Select the master check box or individual boxes of indicators of risk to select them for status change.

    iorChangeStatus.png
  2. Click the Ignore/Restore Risks button to change the status from Active to Ignored, or vice-versa.

    Note

    The Ignore Risks action applies to all the selected devices, and influences the overall company risk score upon performing a new risk scan.

    We strongly recommend you to assess how disregarded indicators of risk may impact your organization's security.

You can customize the information displayed in cards and filter misconfigurations by using these options:

Filtering option

Details

Misconfiguration

This column includes a searchable drop-down menu that allows you to filter the list of indicators by name.

Severity

This column allows you to filter the list of indicators by the level of severity of each indicator of risk. You may select between Low, Medium, and High.

Affected Devices

This column shows the number of servers and workstations that may be exposed to threats by a specific indicator of risk.

Type

This column allows you to filter the list of indicators of risk by their type:

  • Browser security

  • Network and credentials

  • OS security

Mitigation Type

This column allows you to filter the list of indicators of risk that can be mitigated manually or automatically.

Status

This column allows you to filter the list of indicators of risk by their status, Active or Ignored.

Click the misconfiguration you want to analyze, to expand its specific side panel.

iorMisconfigPanelSections.png

Each panel contains:

  1. An info section with the name of the risk indicator, its level of severity, number of affected devices, and type.

  2. A Details section that thoroughly describes the setting, and configuration guidelines.

  3. A Mitigations section that includes recommendations that minimize the risk on the affected devices, as well as available actions:

    1. Click the Fix Risk button to properly configure this setting.

      A new window pops up where you need to confirm the action, or cancel it.

    2. A new task is created to apply the recommended setting on all affected devices.

      Note

      You may check the progress of the task in the Network > Tasks page.

      If the indicator of risk can be mitigated only manually, you need to access the affected devices yourself and apply the recommended configuration.

    3. The Ignore Risk button changes the status of the selected risk from Active to Ignored.

      Tip

      You can change it back to active state anytime you choose to, by clicking the Restore Risk button.

    4. The View Devices button takes you to the Devices tab, to see all the devices this indicator of risk is currently affecting.

App Vulnerabilities

The App Vulnerabilities tab displays all the vulnerable applications discovered on devices in your environment during scanning. It provides detailed info of their level of severity, number of known CVEs per application, and number of affected devices.

The top 100 vulnerabilities are displayed for each application. The vulnerabilities are ranked by severity. After resolving existing vulnerabilities, you can run a Risk scan task to discover and display more.

You can customize the information displayed in cards and filter vulnerable applications by using these options:

Filtering option

Details

Applications

This column includes a searchable drop-down menu that allows you to filter the list of vulnerable applications by name.

Severity

This column allows you to filter the list of vulnerable applications by the level of severity of each app. You may select between Low, Medium, and High.

CVE

This column shows the number of Common Vulnerabilities and Exposures (CVEs) for applications currently installed in your environment.

Affected Devices

This column shows the number of servers and workstations that may be exposed to threats by a specific indicator of risk.

Click the vulnerable app you want to analyze to expand its specific side panel.

iorAppsPanelSections.png

Each panel contains:

  1. An info section with the name of the application, level of severity, how many devices it affects, and how many exploits were allowed to corrupt your environment.

  2. A Remediation section with mitigation actions and list of discovered CVEs:

    1. Click Patch App button to apply available patches for the vulnerable application.

      Important

      The Patch App functionality works only for scanned devices that have the Patch Management module installed.

      A new window pops up where you need to confirm the action, or cancel it.

    2. A new task will be created to apply the patches to vulnerable applications on all affected devices.

      Note

      You may check the progress of the task in the Network > Tasks page.

    3. The Ignore App button changes the status of the selected app from Active to Ignored.

      Note

      You can change it back to active state anytime you choose to, by clicking the Restore App button.

    4. The View Devices action takes you to the Devices tab to see all the devices this vulnerable application is currently affecting.

    5. Expand listed CVEs and click the View CVE Database button to access the database with specific info.

User Behavior Risks

The User Behavior Risks tab displays all the risks caused by the reckless or unintentional actions of active users, or lack of measures taken to properly secure their working sessions while in your network. It provides detailed info of the level of severity, number of vulnerable users, risk status and type.

Note

See User Behavior Risk Data Collection for more details on how we process user data.

You can customize the information displayed in cards and filter human risks by using these options:

Filtering option

Details

Human Risks

This column includes a searchable drop-down menu that allows you to filter the list of human risks by name.

Severity

This column allows you to filter the list of human risks by their level of severity. You may select between Low, Medium, and High.

Vulnerable Users

This column shows the number of users causing human risks.

Mitigation Type

This column allows you to filter the list of risks that can be mitigated manually or automatically.

Status

This column allows you to filter the list of risks by their status, Active or Ignored.

Click the human risk you want to analyze, to expand its specific side panel.

iorHumanRiskPanelSections.png

Each panel contains:

  1. An info section with the name of the risk, level of severity, vulnerable users, risk status, and a detailed description of the risk.

  2. A Mitigations/User Actions section with mitigation actions:

    • The Ignore Risk button changes the status of the selected risk from Active to Ignored.

      Note

      You can change it back to active state anytime you choose to, by clicking the Restore Risk button.

    • The View Users action takes you to the Users tab to see all the users that have triggered this risk while active in your network.

Devices

The Devices tab displays all the scanned servers and workstations under your management. It provides detailed info of their name, level of severity, device type, and number of risks affecting them.

The top 500 vulnerabilities are displayed for each device. The vulnerabilities are ranked by severity. After resolving existing vulnerabilities, you can run a Risk scan task to discover and display more.

You can customize the information displayed in cards and filter devices by using these options:

Filtering option

Details

Device

This column includes a searchable drop-down menu that allows you to filter the list of affected servers and workstations by name.

Severity

This column allows you to filter the list of devices by the level of severity affecting each device. You may select between Low, Medium, and High.

Misconfigurations

This column shows the number of misconfigurations discovered per device.

CVEs

This column shows the number of Common Vulnerabilities and Exposures (CVE) discovered per device.

Device Type

This column allows you to filter the list of devices by their type. You may select between Server, and Workstation.

Click the device you want to investigate to expand its specific side panel.

iorDevicesPanelSections.png

Each panel contains:

  1. An info section with the name of the device, level of severity, and number of misconfigurations and common vulnerabilities and exposures affecting it.

    The Ignore Endpoint button changes the status of the selected risk from Active to Ignored.

    Note

    You can change it back to active state anytime you choose to, by clicking the Restore Endpoint button.

  2. A risks section displaying in detail each misconfiguration and vulnerable application discovered on the device, grouped in two tabs.

    • The Misconfigurations tab includes all the misconfigurations discovered on the device, grouped into indicators of risk that can be fixed automatically, and indicators of risk that may be resolved only manually.

    • The App Vulnerabilities tab includes all the vulnerable applications discovered on the device, and number of CVEs impacting each application.

      iorDevicesAppsSubTab.png
      1. Click Patch All Apps button to apply available patches for all the vulnerable applications that expose the selected device to threats.

        Important

        The Patch All Apps functionality works only for scanned devices that have the Patch Management module installed.

        A new window pops up where you need to confirm the action, or cancel it.

      2. A new task will be created to apply the patches to vulnerable applications on all affected devices.

        Note

        You can check the progress of the task in the Network > Tasks page.

        Note

        You can also choose to investigate separately each vulnerable app affecting the current device, and patch them one by one using the Patch App button.

Users

The Users tab displays all users which, intentionally or not, are exposing your environment to threats. It provides information such as the user name, level of overall risk severity for that user, the user's title and department, number of risks they are exposed to, and their status in calculating the overall company risk.

Note

See User Behavior Risk Data Collection for more details on how we process user data.

You can customize the information displayed in cards and filter vulnerable applications by using these options:

Filtering option

Details

Users

This column includes a searchable field that allows you to filter the list of vulnerable users by name.

Severity

This column allows you to filter the list of vulnerable users by their level of severity. You may select between Low, Medium, and High.

No. of Risks

This column shows the number of human risks each user is posing.

Title

This column allows you to filter the list of users by their title inside the organization.

Department

This column allows you to filter the list of users by the department they belong to within your organization.

Status

This column allows you to filter the list of users by their status, Active or Ignored.

Click the user you want to investigate to expand its specific side panel.

iorUsersPanelSections.png

Each panel contains:

  1. An info section with the user name, title and department, contact information, level of severity, and status.

  2. A Mitigations/User Actions section with mitigation actions:

    1. The Ignore User button changes the status of the selected user from Active to Ignored.

      Note

      You can change it back to active state anytime you choose to, by clicking the Restore User button.