Skip to main content
Security Performance Management
Continuous Monitoring
Vendor Risk Management
Trust Management Hub
Cyber Insurance
National Cybersecurity

Security Performance Management Application

Ingrid

The Security Performance Management application is optimized for Security Performance Management (SPM) workflows.

  • Use the app-switcher.png App Switcher, located at the top of the left navigation menu, to toggle between applications.
  • The context switcher dropdown, located in the top actions bar, allows you to select from your subscribed subsidiaries in your Rating Tree or your most recently viewed companies.
    • The data on the functional pages is synced for that selected company.
    • A subset of pages are available for Total Risk Monitoring or Risk Monitoring subscriptions.
    • The context switcher may be blank if the page data is not driven off of a specific company's data.

SPM Navigation Overview

Use the collapse.png toggle, on the bottom left, to expand or collapse the menu at any time to get a wider view of the data.

Dashboard

Menu Icon: menu-dashboard.png Dashboard

Highlights recent changes to your organization’s Bitsight Security Ratings and supporting data (e.g., ratings, new findings, and infrastructure changes).

Organization

Menu Icon: menu-organization.png Organization

View your ratings tree, access rating details of entities in your organization, and tools that showcase the rating.

Company Details

Company Details shows the selected company’s security rating overview and company information.

Rating Details

Rating Details provides a breakdown of the selected company’s risk, drilling into the individual risk vectors.

Ratings Tree

The Ratings Tree depicts your organization’s company hierarchy within the Bitsight platform.

My Company List

The My Company List shows any subscribed entity within the My Company.

Subsidiaries

Access Enterprise Analytics, which allows you to better understand your Ratings Tree, from the Subsidiaries page.

Assessments

Use the Assessments page to automatically assess your organization’s risk vector grades against control frameworks.

Bitsight Badge

Use the Bitsight Badge to share your My Company’s or primary’s Bitsight Security Rating with your customers, prospects, and stakeholders. Proactively sharing your rating increases transparency and showcases the strength of your cybersecurity performance program.

Findings

Menu Icon: menu-findings-spm.png Findings

Prioritize, manage, and monitor risks in your external attack surface, including findings that affect the rating.

Findings Table

The Findings Table presents your findings, which are the culmination of observed internet traffic and configurations, and their details. This provides a single place to sort, filter, analyze, comment on, track remediation efforts, and export Bitsight findings.

Issue Tracking

The Issue Tracking page is remediation dashboard that provides an overview of the current state of your issue tracking process for one of your companies.

Vulnerability Detection

Vulnerability Detection shows vulnerabilities affecting your My Company and your My Subsidiaries.

Attack Surface

Menu Icon: menu-attack-surface.png Attack Surface

Details on your assets and their attribution to your company.

Infrastructure

Use the Infrastructure page to:

  • See externally-facing infrastructure (Assets that are attributed to the organization).
  • Report missing infrastructure.
  • Set an end date for the association.

Attack Surface Analaytics

Attack Surface Analytics provides insight into your organization’s external digital footprint.

Work From Home

Use Work From Home to search for findings that might introduce risk to your organization via IP addresses.

Cloud Infrastructure Sync

Cloud Infrastructure Sync automatically updates your cloud IP footprint daily.

Third Party Assets

The Third Party Assets page shows third-party assets (IP addresses and domains), providing a resilient view of your extended attack surface.

Action Plans

Menu Icon: menu-action-plans.png Action Plans

Keep track of actions you are taking:

  • Forecast how the rating for your company or subsidiary might change over time.
  • See remediation steps that have the greatest impact on your overall rating.
  • Access your Collaboration Inbox.

Risk Remediation

Use Risk Remediation to manage risk remediation plans (RRP). A plan lists and prioritizes findings that can be fixed to improve certain risk vector grades. Plans are designed to identify and remediate high-impact findings with the goal of reaching an A grade.

Forecasting

Forecasting generates a forecast to help you improve the rating.

Subsidiary Improvement

Subsidiary Improvement provides a guideline for prioritizing your remediation efforts, providing the magnitude of impact that the subsidiary/risk vector has on the parent rating.

Control Insights

Control Insights identifies gaps in security controls. Control Insights uses automatic, intelligent analysis of the already collected externally observable telemetry to generate insights on whether your security controls appear to be performing effectively or ineffectively.

Financial Quantification

Financial Quantification measures your organization’s financial exposure across various cyber events and impact scenarios.

Peer Comparison

Menu Icon: menu-peer-comparison.png Peer Comparison

Compare the currently selected subsidiary against companies you’ve chosen for benchmarking or for comparison against risk vectors.

Peer Analytics

Peer Analytics is your Peer Analytics dashboard, which provides an objective, data-driven comparison between companies and peer groups.

Benchmarking

Use Benchmarking to benchmark a specific group of companies against your organization, or if you have a My Subsidiary subscription, you can benchmark your subsidiaries.

Risk Vectors

Risk Vectors provides a detailed comparison of risk vector performance.

Collaboration

Menu Icon: menu-collaboration.png Collaboration

Address collaboration invitations from third parties via the Client/Vendor Access Program. See details of your access, collaboration history, and the reasoning for the request to collaborate.

Alerts

Menu Icon: menu-alerts.png Alerts

Ease your workload with automated and customized notifications. Get alerted on specific security performance changes in your extended organization so you can take immediate action on ratings changes, infections, or vulnerabilities impacting your company or subsidiary.

Configured Alerts

Use Configured Alerts to review previously-defined SPM alerts and define new ones.

Alert Logs

Review triggered alerts in Alert Logs. It includes a table that displays details about each alert, including any findings associated with it.

Infections

Use Infections to get alerted on Botnet Infection events that occur within your company’s infrastructure. Identify infections as they occur, maintain business continuity, and better prioritize threats.

Subsidiaries (Legacy)

Subsidiaries is a legacy page. It is being replaced by Configured Alerts and Alert Logs. Monitor rating changes in your Ratings Tree.

Reports

Menu Icon: menu-reports.png Reports

Summarized security program status and trends for distribution to your board, team, key stakeholders, and subsidiaries.

  • February 4, 2025: Third Party Assets page.
  • October 28, 2024: Updated the menu sorting. See change details.
  • October 21, 2024: More info about the context switcher.

Related articles

Feedback

0 comments

Please sign in to leave a comment.