Mitigating and Managing Risk

Operations Dashboard identifies at-risk users and devices, and provides remediation and suggested preventative options to manage the risk to your environment.

The Risk Assessment tab of the User Profile and Device Profile screens displays the Risk Indicators table which provides details about the risk events affecting your users and devices. By mitigating the effect of the risk events, and taking measures to prevent repeat events, you can lower your company's overall risk index. Expand each row to locate Remediation actions to manage each event.

After performing remediation actions, create a Zero Trust Secure Access rule to automatically respond to similar attacks in the future.

For more information, see Secure Access Rules.

Access the User Profile or Device Profile screens by clicking the User / Device name in the At-Risk Users/Devices widget.

The following table outlines common remediation actions for different risk factors.

Risk Factor

Event Type

Remediation Actions

Account compromise

Leaked account

Disable or reset this account with a strong password.

Credential anomaly

Investigate the event using the Workbench.

Email attack

Quarantine or delete the message using the product console.

Account access

Contact account owner to verify this event. Disable the account as required.

Anomaly detection

Account access

Contact account owner to verify this event. If risky, disable or reset this account with a strong password.

Device access

Contact device owner to verify this event. If risky, disable or reset this device.

Threat detections

<all>

Check event details on product management server.

Vulnerability detection

Operating system vulnerability

Apply the latest patch or upgrade the operating system version.

Application vulnerability

Apply the latest patch or upgrade the application version.

XDR detections

<all>

Investigate the event using the Workbench.