The Security Performance Management application is optimized for Security Performance Management (SPM) workflows.
- The context switcher dropdown, located in the top actions bar, allows you to select from your subscribed subsidiaries in your Rating Tree or your most recently viewed companies.
- The data on the functional pages is synced for that selected company.
- A subset of pages are available for Total Risk Monitoring or Risk Monitoring subscriptions.
- The context switcher may be blank if the page data is not driven off of a specific company's data.
Navigation Menu
Menus
Dashboard
Highlights recent changes to your organization’s Bitsight Security Ratings and supporting data (e.g., ratings, new findings, and infrastructure changes).
Organization
View your ratings tree, access rating details of entities in your organization, and tools that showcase the rating.
Company Details
Company Details shows the selected company’s security rating overview and company information.
Rating Details
Rating Details provides a breakdown of the selected company’s risk, drilling into the individual risk vectors.
Ratings Tree
The Ratings Tree depicts your organization’s company hierarchy within the Bitsight platform.
My Company List
The My Company List shows any subscribed entity within the My Company.
Subsidiaries
Access Enterprise Analytics, which allows you to better understand your Ratings Tree, from the Subsidiaries page.
Assessments
Use the Assessments page to automatically assess your organization’s risk vector grades against control frameworks.
Bitsight Badge
Use the Bitsight Badge to share your My Company’s or primary’s Bitsight Security Rating with your customers, prospects, and stakeholders. Proactively sharing your rating increases transparency and showcases the strength of your cybersecurity performance program.
Findings
Prioritize, manage, and monitor risks in your external attack surface, including findings that affect the rating.
Findings Table
The Findings Table presents your findings, which are the culmination of observed internet traffic and configurations, and their details. This provides a single place to sort, filter, analyze, comment on, track remediation efforts, and export Bitsight findings.
Issue Tracking
The Issue Tracking page is remediation dashboard that provides an overview of the current state of your issue tracking process for one of your companies.
Vulnerability Detection
Vulnerability Detection shows vulnerabilities affecting your My Company and your My Subsidiaries.
Attack Surface
Details on your assets and their attribution to your company.
Infrastructure
Use the Infrastructure page to:
- See externally-facing infrastructure (Assets that are attributed to the organization).
- Report missing infrastructure.
- Set an end date for the association.
Attack Surface Analaytics
Attack Surface Analytics provides insight into your organization’s external digital footprint.
Work From Home
Use Work From Home to search for findings that might introduce risk to your organization via IP addresses.
Cloud Infrastructure Sync
Cloud Infrastructure Sync automatically updates your cloud IP footprint daily.
Third Party Assets
The Third Party Assets page shows third-party assets (IP addresses and domains), providing a resilient view of your extended attack surface.
Action Plans
Keep track of actions you are taking:
- Forecast how the rating for your company or subsidiary might change over time.
- See remediation steps that have the greatest impact on your overall rating.
- Access your Collaboration Inbox.
Risk Remediation
Use Risk Remediation to manage risk remediation plans (RRP). A plan lists and prioritizes findings that can be fixed to improve certain risk vector grades. Plans are designed to identify and remediate high-impact findings with the goal of reaching an A grade.
Forecasting
Forecasting generates a forecast to help you improve the rating.
Subsidiary Improvement
Subsidiary Improvement provides a guideline for prioritizing your remediation efforts, providing the magnitude of impact that the subsidiary/risk vector has on the parent rating.
Control Insights
Control Insights identifies gaps in security controls. Control Insights uses automatic, intelligent analysis of the already collected externally observable telemetry to generate insights on whether your security controls appear to be performing effectively or ineffectively.
Financial Quantification
Financial Quantification measures your organization’s financial exposure across various cyber events and impact scenarios.
Peer Comparison
Compare the currently selected subsidiary against companies you’ve chosen for benchmarking or for comparison against risk vectors.
Peer Analytics
Peer Analytics is your Peer Analytics dashboard, which provides an objective, data-driven comparison between companies and peer groups.
Benchmarking
Use Benchmarking to benchmark a specific group of companies against your organization, or if you have a My Subsidiary subscription, you can benchmark your subsidiaries.
Risk Vectors
Risk Vectors provides a detailed comparison of risk vector performance.
Collaboration
Address collaboration invitations from third parties via the Client/Vendor Access Program. See details of your access, collaboration history, and the reasoning for the request to collaborate.
Alerts
Ease your workload with automated and customized notifications. Get alerted on specific security performance changes in your extended organization so you can take immediate action on ratings changes, infections, or vulnerabilities impacting your company or subsidiary.
Configured Alerts
Use Configured Alerts to review previously-defined SPM alerts and define new ones.
Alert Logs
Review triggered alerts in Alert Logs. It includes a table that displays details about each alert, including any findings associated with it.
Infections
Use Infections to get alerted on Botnet Infection events that occur within your company’s infrastructure. Identify infections as they occur, maintain business continuity, and better prioritize threats.
Subsidiaries (Legacy)
Subsidiaries is a legacy page. It is being replaced by Configured Alerts and Alert Logs. Monitor rating changes in your Ratings Tree.
Reports
Summarized security program status and trends for distribution to your board, team, key stakeholders, and subsidiaries.
- February 4, 2025: Third Party Assets page.
- October 28, 2024: Updated the menu sorting. See change details.
- October 21, 2024: More info about the context switcher.
Feedback
0 comments
Please sign in to leave a comment.