The Critical Threats section of the Security Posture tab displays the total number of unique critical threats (by threat type) detected on your network, the total number of affected users, and the number of affected important users (marked by the star).
Click the number of affected users to view additional details on the User/Endpoint Directory screen.
Critical threat detections include the following threat types.
|
Threat Type |
Description |
|---|---|
|
Ransomware |
Malware that prevents or limits users from accessing their system unless a ransom is paid |
|
Known Advanced Persistent Threat (APT) |
Intrusions by attackers that aggressively pursue and compromise chosen targets, often conducted in campaigns—a series of failed and successful attempts over time to get deeper and deeper into a target network—and not isolated incidents |
|
Social engineering attack |
Malware or hacker attacks that exploits a security vulnerability found in documents, such as a PDF file |
|
Vulnerability attack |
Malware or hacker attacks that exploits a security weakness typically found in programs and operating systems |
|
Lateral movement |
Searches for directories, email, and administration servers, and other assets to map the internal structure of a network, obtain credentials to access these systems, and allow the attacker to move from system to system |
|
Unknown threats |
Suspicious objects (IP addresses, domains, file SHA-1 hash values, email messages) with the "high" risk level, as detected by Deep Discovery Inspector, endpoint security products, or other products with Virtual Analyzer |
|
C&C callback |
Attempts to communicate with a command-and-control (C&C) server to deliver information, receive instructions, and download other malware |