Company Risk Score Report


Company Risk Score Report

The following conditions apply when accessing the Company Risk Score Report:

  • Risk scores are only calculated for organizations with Advanced Threat Protection (Available in the ZIA Business bundle and higher or sold separately).
  • Risk scores are calculated daily based on a 7-day moving window of risk events.
  • For a risk score to be calculated, there needs to be at least 100 "risky" users in the 7-day window. If there aren't at least 100 authenticated users in the organization, each of whom had at least one "risky" transaction within that window, then the risk score won't be computed for that day.
  • We're continuously refining the algorithms used to calculate your Company Risk Score, and to make the report more useful to you. 

About the Company Risk Score Report

The Company Risk Score Report allows organizations to monitor and assess their organizational, location, and user-level risk exposure. The report analyzes the various factors that contribute to an organization's risk score, which may include recent malware outbreaks, risky user behavior and other suspicious factors. Administrators can study how their users' and company's risk score has changed over time and compare their score against their industry peer and Zscaler cloud averages.

Risk scores are calculated daily for each user, location, and company. Each user's behavior is analyzed against three groups of risk factors: pre-infection behavior (ex. blocked access to malicious destinations or content), post-infection behavior (beaconing or command, and control communications), and suspicious behavior (ex. data leak policy blocks). Risky behavior will have an effect on the score for up to seven days from occurrence. Different risk factors will also bear different weight on the score. For example, an active infection is more severe than a blocked access attempt to a blocked destination. Unauthenticated users are excluded from calculations since transactions can't be associated with an identity.

The report can be viewed in the Admin Portal (Analytics > Company Risk Score).
See image.

Report Widgets

The report contains widgets that show the following information:

  • Your Risk Score Trend: This graph displays your daily risk score during a span of 7, 15, and 30 days. The trend won't be computed if there is a low number of authenticated users.
  • Current Risk Score: Your organization’s risk score, your industry vertical's average risk score, and the average risk score of all organizations.
  • Events Contributing to the Risk Score: This graph displays the events that contributed to the risk score. Threats Blocked includes transactions blocked because they were more likely to result in an infection, Suspicious Activity includes transactions that are potentially malicious, and Active Infections includes transactions that are suspected botnet callbacks.
  • Events Contributing to Current Risk Score: Displays the events that contributed to your current risk score.
  • Top Advanced Threats Trend: This graph displays the top advanced threats during a span of 7, 15, and 30 days.
  • Top Advanced Threats: This graph displays the current top advanced threats in percentages.
  • Distribution of Your User Risk Scores: This graph displays the percentage distribution of the risk scores for your authenticated users.
  • Distribution of Risk Scores for Your Industry: A summary and detailed view of the percentage of organizations in your industry vertical that have a higher risk score than yours. The Show Details section reveals the detailed view.
  • Distribution of Risk Scores for All Orgs: A summary and detailed view of the percentage of organizations in our cloud service that have a higher risk score than yours. The Show Details section reveals the detailed view.
  • Top Risky Users: The top risky users in your organization. We recommend further investigation of their activity.
  • Top Risky Locations: The top risky locations based on transactions by authenticated users. We recommend further investigation to ensure that all your users remain secure. This section won't be computed if there is a low number of authenticated users.
  • Top Locations with Unauthenticated Transactions: The risk score is computed based on authenticated user traffic. These locations have a high number of unauthenticated transactions and cannot have a risk score computed.

Screenshot of the Company Risk Score report