User Risk Management – Bitdefender TechZone
User Risk Management identifies and mitigates potential threats posed by user behavior. It monitors user activity, detects anomalies, and provides actionable insights to protect your organization's assets.
User Risk Management enables you to gain visibility into all active users within your organization and their actions that may unintentionally or intentionally expose your environment to threats. You can identify users exhibiting risky behavior, understand the underlying risks, and take immediate remediation action.
Risk Management Dashboard
When you access the dashboard for the first time, a notification bar asks for your permission to allow GravityZone to monitor unusual user activity. If you missed this notification, you can enable Identity monitoring from the upper right side of the page.
The Risk Management Dashboard provides the number of identities scanned and monitored to gather the data currently displayed on the page. It also provides information about the top 15 results for potential risks caused by unintentional or reckless behavior of active users in your network, ordered by the number of vulnerable users.
To learn which user behaviors are monitored and how Bitdefender collects and processes user data, see the Bitdefender Support Center.
Note
With a CSPM+ license, the Identities section includes Bitdefender Cloud (CSPM+) identities.
Identity Risk
The Identity risk section provides detailed information about the severity level, number of vulnerable users, risk status, and type. For a complete list of detectable identity risks, see the Bitdefender Support Center.
You can use existing views or create and save your own predefined searches. The Filters section allows you to customize the user behavior risks that are displayed.
The CIS compliant section allows you to view all user behavior risks associated with the CISv8 compliance standard. If an identity risk was ignored and removed from the overall company risk score calculation, you can check its actual status in the Ignored section. The Watchlist section helps you track high-priority identity risks, such as those involved in incidents.
You can export the current risk status to a CSV file for import into a third-party solution or to demonstrate the progress and value of your risk management efforts.
The side panel provides General information such as the risk score, the type of mitigation that can be applied, and details about the check and security standard requirements. The Details section provides information on the security standard used for the scan that created the risk, along with the security requirement. In the Risk Mitigation section, you will find the steps required to fix the risk or the option to ignore the risk.
Identities
The Identities tab provides information about the username, overall risk severity level, title, department, number of risks they are exposed to, and their status in calculating the overall company risk.
For detailed information on customizing views, using the Watchlist, and understanding the impact of ignored users on the overall risk score, please refer to the Identity Risk section above.
The side panel provides general information such as the username, the number of devices assigned to the user (grouped per endpoint type), and the user's status. You can take the following actions:
View Risks: This link takes you to the Identity Risks page, which displays the risks associated with this user.
Add to Watchlist: Add this device to your watchlist.
View Events and Alerts: This link takes you to the Search page, which displays all EDR and XDR events and alerts associated with this user.
View Incidents: This link takes you to the Incidents page, which displays all EDR and XDR incidents associated with this user.