Bitdefender launches personnel risk analysis tool to prevent human errorTime: Jul. 13, 2020
Businesses often invest a large amount of time and money on endpoints and network security to prevent cyber attacks. An aspect that traditionally is beyond the control of security technologies is the human factor. Users will make mistakes if they click on a malicious link or attachment, unintentionally download malware, or use unsafe products. A new role for security company Bitdefender aims to take control of this human element that would otherwise be uncontrollable.
Human Risk Analytics was developed to complement GravityZone's anti-malware technologies and centralized security management. The objective is to protect companies from internal threats and other risks related to people.
In particular, HRA will review user actions and identify behaviors that pose a risk to the safety of the company and its employees. With integrated risk assessment data, security professionals can find higher-risk systems and users and take steps to resolve them individually.
Unlike other user monitoring methods, HRA does not monitor websites that a user visits or if the user is using a USB drive.
Instead, HRA records user behavior and potential risks to create a risk profile. For example, when Human Risk Analytics detects that the user visits websites that are known to be malicious, infected through a USB key, use unencrypted websites to connect or click on the phishing URLs in an email or other high risk stocks are included. These actions modify the risk profile of the user and affect the general risk assessment of the company.
All of the HRA information is part of the risk dashboard in the GravityZone console, so security administrators using the product don't need to take any other action.
HRA is fully integrated into GravityZone, in particular in the Risk Analytics engine. HRA is currently available as a beta feature for all GravityZone users.
In addition to Human Risk Analytics, GravityZone expands its security controls with a ransomware mitigation module that enables companies to better manage advanced ransomware attacks using real-time file backups. Future versions of GravityZone will add risk mitigation features to people, such as adaptive security awareness training and adaptive security controls. All new features will be integrated into GravityZone's management features for human vulnerabilities.
Risk analysis or assessment enables organizations to identify and quantify their exposure to risks. This should be an ongoing effort and is at the heart of a strong cybersecurity strategy. It is important to have a clear understanding of risk to make the right decision about what risks should be prioritized in the mitigation process and what security controls are appropriate.