This widget displays the total number of critical threat types detected on your network and the number of affected users and threat detections for each threat type.
-
The widget lists critical threat types in order of severity.
-
Individual users may be affected by more than one critical threat type.
Use the Period drop-down to select the time range for the data that displays.
The Affected users view displays the number of Important Users and Other Users affected by each threat type.
-
Click the count in the Important Users or Other Users column, and then click the affected user you want to view.
To view the number of detections for each threat type, click the settings icon (View to Threat detections.
) and change theWhen the Threat detections view is selected, you can:
-
Click the count for a critical threat type to view the specific threat detections.
-
Click the hyperlink for a specific threat detection to view details about the affected users and analyze whether the threat has affected other endpoints on your network.
The Threat Type column displays the following threat types.
Threat Type |
Description |
---|---|
Ransomware |
Malware that prevents or limits users from accessing their system unless a ransom is paid |
Known Advanced Persistent Threats (APT) |
Intrusions by attackers that aggressively pursue and compromise chosen targets, often conducted in campaigns—a series of failed and successful attempts over time to get deeper and deeper into a target network—and not isolated incidents |
Social engineering attacks |
Malware or hacker attacks that exploits a security vulnerability found in documents, such as a PDF file |
Vulnerability attacks |
Malware or hacker attacks that exploits a security weakness typically found in programs and operating systems |
Lateral movements |
Searches for directories, email, and administration servers, and other assets to map the internal structure of a network, obtain credentials to access these systems, and allow the attacker to move from system to system |
Unknown threats |
Suspicious objects (IP addresses, domains, file SHA-1 hash values, email messages) with the "high" risk level, as detected by Deep Discovery Inspector, endpoint security products, or other products with Virtual Analyzer |
C&C callbacks |
Attempts to communicate with a command-and-control (C&C) server to deliver information, receive instructions, and download other malware |