Security Performance Management
Continuous Monitoring
Cyber Insurance
National Cybersecurity

Articles in this section

Portfolio Vulnerabilities Report

Avatar
Jessica
Follow
Publication Date – August 17, 2022

⇤ Reports

Navigation

This report only includes companies with a Total Risk Monitoring subscription.

Overview

This report shows the concentration of vulnerabilities across your portfolio; it illustrates how portfolio exposure to known vulnerabilities has changed over time and includes a list of companies affected by CISA known exploited vulnerabilities.

With this report, you can:

  • review known vulnerabilities and their concentration in your portfolio;
  • focus your remediation efforts on the vulnerabilities that organizations like CISA and the NSA deem critical.

Generating this Report

  1. Go to the The Reports menu icon Reports page.
  2. Mouseover the Portfolio Vulnerabilities card and select Create. The report is automatically generated.
  3. Use the tabs at the top of the report to view specific groupings of data.
  4. Use the filters on each tab to narrow the data presented.

Reading this Report

The Portfolio Vulnerabilities Report has two tabs:

  • Portfolio Vulnerabilities: surface vulnerability metrics for your Total Risk Monitoring portfolio.
  • CISA Known Exploited Vulnerabilities: surface companies that are affected by CISA known exploited vulnerabilities that are visible in Bitsight.

This report can be filtered to highlight different subsets of data. Narrowing the scope of the report with filters allows you to explore and address risk in specific areas of your portfolio.

The Portfolio Vulnerabilities Tab

This tab surfaces vulnerabilities found at your portfolio companies based on filters you select. It includes:

  • portfolio metrics on the number and type of vulnerabilities present in your portfolio;
  • a breakdown of vulnerabilities based on company industry, tier, and folder;
  • a Vulnerabilities table that lists the most common vulnerabilities in your portfolio; and,
  • a Companies with Vulnerabilities table that lists your portfolio companies based on the number of vulnerabilities detected.

Clicking on a vulnerability in the Vulnerabilities table filters the Companies with Vulnerabilities table to show only that vulnerability; clicking on a company in the Companies with Vulnerabilities table opens its Findings Page in a new tab.

The CISA Known Exploited Vulnerabilities Tab

This tab surfaces companies affected by CISA known exploited vulnerabilities that are visible within Bitsight. By default, the table sorts companies alphabetically by name with their industry, Bitsight rating, and a list of CVEs affecting them. This tab can be filtered by CVE, company name, tier, and industry.

Downloading this Report

This report can be downloaded as a .csv, .png, or .pdf file. To download the report, select the Download button in the upper right corner of the report.

This report is not saved in the Bitsight platform, can’t be Quick Shared, and can’t be scheduled ahead of time. To use this report for benchmarking, download a new version each month and save it for future reference.

Additional Resources

Portfolio Vulnerabilities Report

Related articles