Breach Predictor
Using Zscaler Breach Predictor
This guide takes you through the basic high-level steps for how to use Zscaler Breach Predictor and provides links to more information. Because Breach Predictor uses data from other Zscaler tools, you should familiarize yourself with how Zscaler Internet Access (ZIA) and Zscaler Sandbox work so that you can better understand the log data that Breach Predictor uses to identify threats to your organization. Additionally, as a major part of its predictive intelligence, Breach Predictor relies on the MITRE ATT&CK framework to give you a clear picture of your overall security posture. Zscaler recommends reading the following articles before you begin using Breach Predictor:
- Understanding the ZIA Cloud Architecture
- About Sandbox
- Integrating with CrowdStrike
- MITRE ATT&CK Overview
To use Zscaler Breach Predictor, complete the following steps:
- Step 1: Ensure Completion of Prerequisite Tasks
Before using Breach Predictor, ensure that you've completed prerequisite tasks and that you can log in to the Breach Predictor Portal. To learn more, see Accessing and Navigating Zscaler Breach Predictor.
- Step 2: Assess the Security Threats to Your Organization
Breach Predictor uses easy-to-understand charts and tables to give you visibility into vast amounts of threat data across your organization. As you navigate the Breach Predictor Portal, you can use the interconnected data points to switch easily from macro to micro views of the data (for example, clicking a threat family name on the Dashboard page takes you to the Events page with information about that particular threat family). You can use the following basic workflow to assess your threat risk:
- Evaluate Your Overall Breach Probability Score
Use the Overall Breach Probability score and explainability on the Dashboard page for an instant determination of the overall likelihood of a breach in your environment.
- Determine How Far Attacks Have Progressed
On the Dashboard page, use the various charts and tables to assess your organization’s placement within the MITRE ATT&CK framework during the period you specify.
To learn more, see Analyzing the Dashboard.
- Examine Data from Users at Risk
On the Findings page, you can see information about the malware families affecting your organization, as well as information about each user affected by each family. Breach Predictor lets you drill down to see data for each user.
- Determine the Attack Path for Malware Families Present in Your Organization
Also on the Findings page, use attack-path data to help you interpret what your threat placement means, and to determine whether a threat has already achieved a particular technique or whether its movement to that technique is probable or just possible.
- Use ThreatLabz Research to Assess the Overall Threat Landscape
On the Threat Landscape page, view cutting-edge data from Zscaler ThreatLabz about the biggest current security threats affecting customers across the globe.
To learn more, see Accessing and Navigating Zscaler Breach Predictor.
- Step 3: Use Breach Predictor Findings to Remediate with Policy Recommendations
After you've examined the Breach Predictor data for your organization, you might need to remediate policies (for example, URL Filtering). As you plan for remediation, always work from right to left in the MITRE ATT&CK matrix: the further to the right a threat has progressed, the higher your organization's risk of a data breach. Use the policy recommendations provided by Breach Predictor to log Jira tickets for policy updates.
To learn more, see Requesting Updates in Zscaler Breach Predictor and Evaluating a Security Issue with Breach Predictor.
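The two ideas in Step 2 (how far each malware family has progressed across the ATT&CK matrix, and whether a technique is achieved, probable, or possible) and the right-to-left rule in Step 3 can be turned into a small prioritization routine. The following is an added example written for this guide; it is not Zscaler code and does not use any Breach Predictor API. It assumes findings have been exported as simple records carrying a family name, a user, an ATT&CK tactic, and an attack-path state, and the sample records are constructed for illustration.

```python
"""Rank Breach Predictor-style findings by ATT&CK matrix position.

Added example (not Zscaler's code). Assumes findings are available as
plain records with a tactic name and an attack-path state; the records
below are constructed sample data, not real portal output.
"""
from collections import defaultdict
from dataclasses import dataclass

# MITRE ATT&CK Enterprise tactics in matrix order (left to right).
ATTACK_TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion",
    "Credential Access", "Discovery", "Lateral Movement", "Collection",
    "Command and Control", "Exfiltration", "Impact",
]
TACTIC_INDEX = {name: i for i, name in enumerate(ATTACK_TACTICS)}

# Attack-path states named in the guide, from strongest to weakest evidence.
STATE_WEIGHT = {"achieved": 3, "probable": 2, "possible": 1}


@dataclass(frozen=True)
class Finding:
    family: str   # malware family reported on the Findings page
    user: str     # affected user
    tactic: str   # ATT&CK tactic the technique belongs to
    state: str    # "achieved", "probable" or "possible"

    def __post_init__(self):
        if self.tactic not in TACTIC_INDEX:
            raise ValueError(f"unknown ATT&CK tactic: {self.tactic!r}")
        if self.state not in STATE_WEIGHT:
            raise ValueError(f"unknown attack-path state: {self.state!r}")


def family_progress(findings):
    """Rightmost *achieved* tactic per family, i.e. how far each attack got."""
    progress = {}
    for f in findings:
        if f.state != "achieved":
            continue
        current = progress.get(f.family)
        if current is None or TACTIC_INDEX[f.tactic] > TACTIC_INDEX[current]:
            progress[f.family] = f.tactic
    return progress


def remediation_order(findings):
    """Families ordered right-to-left by their furthest achieved tactic.

    Families with no achieved technique are placed last (index -1).
    """
    progress = family_progress(findings)
    families = {f.family for f in findings}
    return sorted(
        families,
        key=lambda fam: TACTIC_INDEX.get(progress.get(fam), -1),
        reverse=True,
    )


def likely_next_steps(findings):
    """Probable/possible techniques to the right of each family's progress.

    These are the tactics a policy change (e.g. URL Filtering) should aim to
    block before the family achieves them.
    """
    progress = family_progress(findings)
    result = defaultdict(list)
    for f in findings:
        if f.state == "achieved":
            continue
        reached = TACTIC_INDEX.get(progress.get(f.family), -1)
        if TACTIC_INDEX[f.tactic] > reached:
            result[f.family].append((f.tactic, f.state))
    # Most advanced and best-evidenced candidates first.
    for fam in result:
        result[fam].sort(
            key=lambda t: (TACTIC_INDEX[t[0]], STATE_WEIGHT[t[1]]), reverse=True
        )
    return dict(result)


# Constructed sample findings (illustrative only).
SAMPLE_FINDINGS = [
    Finding("FamilyA", "alice", "Initial Access", "achieved"),
    Finding("FamilyA", "alice", "Command and Control", "probable"),
    Finding("FamilyB", "bob", "Exfiltration", "achieved"),
    Finding("FamilyB", "bob", "Impact", "possible"),
    Finding("FamilyC", "carol", "Execution", "achieved"),
]

if __name__ == "__main__":
    for fam in remediation_order(SAMPLE_FINDINGS):
        print(fam, family_progress(SAMPLE_FINDINGS).get(fam),
              likely_next_steps(SAMPLE_FINDINGS).get(fam, []))
```

With the sample data, FamilyB comes first because its furthest achieved tactic is Exfiltration, the rightmost of the three; its listed next step is Impact. The ordering is deliberately keyed on achieved techniques only, so that a family with a merely possible far-right technique does not outrank one that has demonstrably progressed further.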