Lowering the Risk Index

Take remediation steps and preventative measures to help lower the risk index of your organization.

  1. View the current risk index and the at-risk events under each risk factor affecting your network.
  2. Investigate the at-risk users and devices that appear in the AT-RISK USERS/DEVICES section and take the following suggested mitigation actions on them.

    Mitigation Suggestions

    Description

    Remediation steps

    Remediation steps allow you to take immediate actions on the at-risk users or devices, for example, to disconnect the user or isolate the device from your network, to prevent them from affecting other entities in the same environment.

    1. View the risk events and the associated risk factors detected on a user or device in the AT-RISK USERS/DEVICES section.

    2. Click the user or device name to open the user or device profile screen.

    3. Expand each risk event in the RISK INDICATORS section to view the detailed information about the event and what mitigation actions are suggested for each event.

    4. Follow the instructions to perform remediation steps on the user or device.

    5. Repeat steps c and d to remove risks from the user or device.

    6. Locate the user or device in the AT-RISK USERS/DEVICES section, click the flag icon in the front, and then select Closed or Closed - false positive.

      Resolving high risk events on at-risk users and devices helps mitigate the overall risk of your organization and contributes to the risk index assessment by the Zero Trust Risk Insights app.

    Preventative measures

    Preventative measures enable you to automate the risk control by creating a secure access rule that matches the detected risk event. This helps protect your network against follow-up risks similar to the currently detected ones and thus reduce the overall risk index over time.

    Create a secure access rule in any of the following ways:

    • AT-RISK USERS/DEVICES section: Click at the end of the column corresponding to a user or device and select Assign Secure Access Rule from the drop-down menu.

    • User or device profile screen: Click next to the user or device name and select Assign Secure Access Rule from the drop-down menu.

    • RISK INDICATORS section: Expand each risk event and click Create a Zero Trust Secure Access rule in the Preventative measures part.

    For details about secure access rules, see Secure Access Rules.