Learn about how your risk profile can help you understand your security posture and potential attack vectors in your attack surface.
Your Risk Profile helps you instantly understand your organization's security posture by providing your security rating over the last month, quarter, or year. To get there, navigate to Breach Risk > Risk Profile.
Below your security rating, we provide individual risk details across ten categories: IP and domain reputation, website, encryption, vulnerability management, attack surface, network, email, data leakage, DNS, and brand reputation.
Select Apply filters to filter your view of the Risk Profile by category, label, or finding.
In the Risk details section you can see the date a risk was first detected, the category, the number of assets affected, and the finding or issue that has been identified. By default, the most severe risks will appear first.
Check the status column to see the status of the risk, for example, whether it's in remediation.
Select any risk to get more detailed information, see the recommended remediation steps, and request remediation or waive the risk.
You can also request remediation or waive a risk from the main Risk Profile page: select Manage risks and choose one of the dropdown options.
Your Risk Profile and Subsidiaries
If you have Subsidiaries as part of your plan, you'll also be able to toggle the inclusion of your subsidiaries in your risk profile by clicking Organization and subsidiaries.
When you toggle the inclusion of your subsidiaries on your risk profile, it opens a view that is similar to Portfolio Risk Profile but focused solely on your subsidiaries.
This view summarizes all identified risks found across your organization and its subsidiaries. Each identified risk includes a severity, name, risk type, category, and the number of companies impacted.
Note: Even though risks from your organization and its subsidiaries are rolled up into one view, each entity still has its own entity score. That is, your score does not factor in any of your subsidiaries' scores.
By default, findings are sorted by severity, with critical items at the top. This is great if you want to understand the shared risks across your organization and its subsidiaries. For example, if you wanted to find all the organizations that don't have SSL available, go to Apply filters > Risk category > Encryption.
From here you can click on the risk to see the companies that are triggering the risk. This view shows the companies that trigger the risk, their security rating, and their individual domains that have the risk.
To view the individual domains that trigger the risk, click the organization whose domains you want to view and you will see the details.