Skip to main content

Executive Summary

Executive Summary presents a concise security overview of all protected endpoints in your network and is specially designed to help you monitor, analyze and provide executive management with easy-to-interpret data.

Composed mostly of widgets, enhances visibility by offering details about endpoint modules, detections and taken actions, threat types and techniques, your company risk score, and others.

Executive_Summary_cropped.PNG

Important

  • All the provided statistics are based on data collected after enabling the feature. No prior events are included.

  • The Executive Summary feature is not available for Bitdefender EDR.

The initial sections located on the upper side of the page are:

  • Managed endpoints

    This section presents all the machines in your network that have the security agent installed.

    In cases where you have no managed endpoints, you can easily install the security agents from this widget.

  • Active endpoints

    This section informs you about all the endpoints that were online in the selected period or are online at the moment of reporting.

  • Blocked threats

    This section presents the total number of blocked threats identified on your endpoints.

  • Inventory

    This section provides details about the endpoint types and their operating systems.

  • Company risk score

    In this section, you can find information about your company's level of risk.

In the upper right corner of the page, you can find multiple options available.

You can type the name of a company or select from the dropdown menu the company of interest. Please keep in mind that the summary provides statistics for a single company at a time and not for the entire tree structure.

You can also select a predetermined time interval, relative to the current time:

  • Last 24 hours

  • Last 7 days

  • Last 30 days

You can export the summary in a PDF format or generate an Executive Summary report using the Actions dropdown menu. For more information about the report, refer to Report Types.

Note

  • All the presented data is directly correlated with the selected period and company.

  • To make sure the console displays the latest information use the Refresh button at the upper right side of the page.

Depending on the selected interval, you may observe a difference (delta) shown as a percentage in some sections.

Delta values indicate the differences in your network that occurred between two specific periods:

  • The period prior to the selected interval with the same number of days or hours.

  • The selected interval.

For example, in the image below, the total number of blocked threats in your network has decreased by 6% in the Last 30 days. This percentage resulted after comparing values from the exact 30 days prior to the selected interval with values from the last 30 days.

dashboard-executive-summary-delta.png

The main widgets of the summary are:

  • Top 5 types of blocked threats

    The widget offers information about the most frequent threat types based on the number of detections on your endpoints. The column on the left displays the threat types and correlated in the right column you can find the number of detections for each type as well as delta values.

    dashboard-executive-summary-top5.png
  • Threats breakdown by endpoint type

    This widget presents the types of endpoints, workstations, servers, containers, container hosts, and the number of detections on each.

  • Incidents breakdown by action taken

    This widget details the security incidents across the company network.

    The incident categories are described as follows:

    • Reported includes Endpoint and Organization incidents upon which no action was taken and require further investigation.

    • Partially blocked includes Organization incidents in which the automatic actions defined in the policies have been taken only on some entities.

    • Blocked includes Endpoint incidents that were detected and blocked by GravityZone prevention modules.

  • Remediation actions

    This section describes the actions that were taken upon blocked items based on the applied policy settings.

  • Endpoint modules status

    Provides an overview of the protection modules coverage for your endpoints. The chart presents the modules and whether they are enabled, disabled, or not installed on your endpoints.

  • Company risk score

    This widget provides information about the level of risk your organization is exposed to by misconfigured system settings, known vulnerabilities of currently installed applications, and potential risks caused by user activity and behavior.

  • Policy rule-based detections

    This section details the number of detections and their types based on rules customized in the policy by the administrator.

    The detection types include:

    • Blocked devices - the number of detections based on Device Control rules.

    • Blocked connections - the number of detections based on Firewall rules.

    • Blocked applications - the number of detections based on Application Blacklisting rules.

    • Blocked websites - the number of detections based on Web Access Control rules.

  • Blocked websites

    This widget presents the number of detections organized by threat types and identified on your endpoints by Network Protection.

  • Blocked network attack techniques

    This section provides information about the blocked attack techniques discovered in your network.

Exploring multidimensional data

Executive Summary provides you with the possibility to explore data, by browsing from a statistical level to a more granular and detailed view. The drill-down capability helps you navigate instantly from widgets to specific sections of the Control Center.

To navigate from each widget:

  1. Click the Monitoring page and select Executive Summary.

  2. Find the widget of interest.

  3. Click the widget’s title or content, depending on your selection. For example, if you want to view only the threats discovered on workstations, directly click On workstations instead of the widget’s title.

    After your selection, you are automatically redirected to the corresponding area of the Control Center. Each section displays complex information in a customized way so that you can identify and analyze with ease the aspects you are interested in.

To navigate to the Threats Xplorer section, where you can view in detail the detected threats in your network, use the following widgets:

  • Blocked threats

  • Top 5 types of blocked threats

  • Threats breakdown by endpoint type

  • Remediation actions

  • Policy rule-based detections

  • Blocked websites

  • Blocked network attack techniques

To navigate to the Network area where you can view the endpoints list, the corresponding operating systems, and versions, the types of endpoints, and others, use the following widgets:

  • Managed endpoints

  • Active endpoints

  • Inventory

The Company risk score widget redirects you to the Risk Management section where you can find information about the level of risk your organization is exposed to by misconfigured system settings, known vulnerabilities of currently installed applications, and potential risks caused by user behavior.

The Incidents breakdown by action taken widget redirects you to the Incidents section, where you can view all the security events that are part of Endpoint or Organization incidents.

The Endpoint modules status widget automatically generates an Endpoint modules status report when accessed. The report provides details about the protection modules coverage for your endpoints.

Important

The sections to which you are redirected are automatically filtered according to your widget selection.

For example, when you click the Blocked threats widget and you are redirected to the Threats Xplorer page the following columns will have preselected and active filters:

  • Endpoint type

    Active filters: Workstation and Server

  • Detecting module

    Active filters: Antimalware, Network Protection, Storage Protection, Exchange Protection

  • Action taken

    Active filters (only remediation actions): Blocked, Deleted, Quarantined, Disinfected, Malicious process killed, Replaced attachment, Rejected/deleted email, Deleted attachment, Rejected email attachment

  • Detecting technology

    Active filters: multiple GravityZone technologies corresponding to the selected modules

  • The reporting interval and the company are automatically correlated with your selection from the Executive Summary section.

Installing security agents

To install security agents you can use the options Install now or Send download links available at the top of the Executive Summary page.

To download and install the security agent directly:

  1. Click the Install now button. A download process begins.

    The downloader is small in size file, and it can be run on 32-bit, 64-bit (Windows and Linux) systems, ARM64 systems (Windows only) or 64-bit macOS systems (both Intel x86 and Apple ARM architectures) and it requires an active Internet connection.

  2. Run the installation package as follows:

    Windows and macOS systems:

    1. Run the package using administrative privileges.

    2. Follow the on-screen instructions.

    Linux systems:

    1. Gain root privileges:

      # sudo su
    2. Change permissions to the installation file so that you can execute it:

      # chmod +x installer
    3. Run the installation file:

      # ./installer
    4. To check that the agent has been installed on the endpoint:

      $ systemctl status bdsec*

    After installation, you can view the endpoint in the Managed endpoints widget and in the Network page,

To quickly inform other users that an installation package is available to download:

  1. Click the Send download links button. A configuration window will appear.

  2. Enter the email address of each user you want to receive the installation package download link. You can add multiple addresses separated by a comma. Press Enter or click the Add button to create the desired list.

    Note

    Please make sure that each entered email address is valid and unique.

  3. Click Send. An email containing the installation link is sent to each specified email address.

To install the security agents, you can use the above procedure based on your operating system.