Using Protection Workspace to identify and remediate threats The Protection Workspace provides a visual representation of threat incidents in your environment and device compliance data, all from a single dashboard. You can quickly identify threats detected in the environment and seamlessly navigate to any impacted device to remediate the threat. The Protection Workspace is made up of several parts where you can view and react to threats: Threat Overview — View threat information across multiple categories. View the number of escalated devices to track devices that have encountered multiple threats and might require attention. Devices are escalated automatically based on the severity of the threats impacting the system. Select any value to see a more detailed view of the categories. Compliance Overview — View the status of security content and the individual products deployed in the environment. Devices are color-coded to indicate the security status (health) of the device. You can easily identify the systems that are up to date, or require an update or product deployment. Device view — View your devices by tags (default), as System Tree, or as a list. Use the search feature to quickly find a device. The Devices view changes depending on the device summary you select. If you selected Escalations, the pane displays all escalated devices. Navigating the Protection WorkspaceThe Protection Workspace is where you can see all potential threats on managed devices and respond to them. Threat Event workflow example The Protection Workspace provides a snapshot of your network's security status, allowing you to view key threats so you can investigate and determine a response. Apply Protection Workspace tags to systems Tag devices (systems) to escalate or exclude them from a compliance check.