This report only includes companies with a Total Risk Monitoring subscription.
This report shows the concentration of vulnerabilities across your portfolio; it illustrates how portfolio exposure to known vulnerabilities has changed over time and includes a list of companies affected by CISA known exploited vulnerabilities.
With this report, you can:
- review known vulnerabilities and their concentration in your portfolio;
- focus your remediation efforts on the vulnerabilities that organizations like CISA and the NSA deem critical.
Generating this Report
Reading this Report
The Portfolio Vulnerabilities Report has two tabs:
- Portfolio Vulnerabilities: surfaces vulnerability metrics for your Total Risk Monitoring portfolio.
- CISA Known Exploited Vulnerabilities: surfaces companies that are affected by CISA known exploited vulnerabilities that are visible in Bitsight.
This report can be filtered to highlight different subsets of data. Narrowing the scope of the report with filters allows you to explore and address risk in specific areas of your portfolio.
The Portfolio Vulnerabilities Tab
This tab surfaces vulnerabilities found at your portfolio companies based on filters you select. It includes:
- portfolio metrics on the number and type of vulnerabilities present in your portfolio;
- a breakdown of vulnerabilities based on company industry, tier, and folder;
- a Vulnerabilities table that lists the most common vulnerabilities in your portfolio; and
- a Companies with Vulnerabilities table that lists your portfolio companies based on the number of vulnerabilities detected.
Clicking on a vulnerability in the Vulnerabilities table filters the Companies with Vulnerabilities table to show only that vulnerability; clicking on a company in the Companies with Vulnerabilities table opens its Findings Page in a new tab.
The CISA Known Exploited Vulnerabilities Tab
This tab surfaces companies affected by CISA known exploited vulnerabilities that are visible within Bitsight. By default, the table sorts companies alphabetically by name and shows each company's industry, Bitsight rating, and a list of CVEs affecting it. This tab can be filtered by CVE, company name, tier, and industry.
Downloading this Report
This report can be downloaded as a .csv, .png, or .pdf file. To download the report, select the Download button in the upper right corner of the report.
This report is not saved in the Bitsight platform, can’t be Quick Shared, and can’t be scheduled ahead of time. To use this report for benchmarking, download a new version each month and save it for future reference.