Skip to main content

Risk Management

The Endpoint Risk Analytics module helps you identify and remediate a large number of network and operating system risks at the endpoint level via risk scan tasks that can be configured in policy to run recurrently on target endpoints.

Note

This module is available for:

  • Windows for workstations

  • Windows for servers

  • Linux

You can choose from a large list of indicators of risks for scanning your endpoints and determine if they are vulnerable.

policies_risk_management_cp_48296_en.png

To configure Endpoint Risk Analytics:

  1. Click the Risk Management toggle to enable the feature and start configuring policies that define how to run the Risk Scan task.

  2. In the Scheduler section, configure the risk scan schedule for target endpoints:

    1. Specify the start date and time for the scheduled risk scan.

    2. Select the scan recurrence type:

      • Periodically, by a specified number of days or weeks

      • By the day of the week

      Note

      To save the policy, you must select at least one day of the week for the Run task every: option. This selection is required even when the Risk Management toggle is disabled and you are on a different page within the policy.

      Important

      Endpoints must be powered-on when the schedule is due. A scheduled scan will not run when due if the machine is turned off, hibernating or in Sleep mode. In such situations, the scan will be postponed until next time. The scheduled scan will run at the target endpoint local time. For example, if the scheduled scan is set to start at 6:00 PM and the endpoint is in a different time zone than Control Center, the scanning will start at 6:00 PM (endpoint time).

    3. Optionally, you can specify what happens when the scan task could not start at the scheduled time (endpoint was offline or shutdown).

      Use the If scheduled run time is missed, run task as soon as possible option according to your needs:

      • When you leave the option unchecked, the scan task will attempt to run again at the next scheduled time.

      • When you select the option, you force the scan to run as soon as possible. To fine-tune the best timing for the scan runtime and avoid disturbing the user during the work hours, select Skip if next scheduled scan is due to start in less than, then specify the interval that you want.

Risk scan tasks run with all the indicators of risk activated by default.

After a risk scan task has finished successfully, you can go to the Misconfigurations tab of the Security Risks page, analyze them and choose which indicators to ignore, if needed.Misconfigurations

The overall company risk score will be recalculated based on the ignored indicators of risk.

Note

For more information about risk management with GravityZone, refer to Endpoint Risk Analytics (ERA).