How to use subsidiaries to monitor your organization's attack surface

Learn how UpGuard can help you monitor your subsidiaries for common attack vectors and other cybersecurity risks.


Written by Abi Tyas Tunggal

UpGuard's subsidiaries feature lets you monitor your organization and its subsidiaries.

When you land on Subsidiaries, you'll see a tree view that lists your subsidiaries, their primary domains, and their security ratings. The tree view presents a hierarchical view of your organization, allowing each subsidiary to be expanded or collapsed to show or hide its own subsidiaries where applicable.

To expand a branch, click on the + icon to the left of the subsidiary's name. To close a branch, click on the - icon that replaces the + icon when the branch is expanded. Subsidiaries with no children will display a circle to the left of their name with no icon.

Clicking on a subsidiary's name (or the rest of the row) will take you to their risk profile and open up a sub-menu in the sidebar under Subsidiaries. This is similar to opening a vendor in Vendors.

From the subsidiary's risk profile, you can view their identified risks over the last 1 month, 3 months, or year. You can dive deeper by clicking on Domains & IPs, Vulnerabilities, and Subsidiaries (if applicable) in the sidebar and you can request remediation by clicking on Remediation.

You can also toggle the inclusion of the subsidiary's subsidiaries on the risk profile by clicking on Company and subsidiaries. This will open up a view that is similar to Portfolio Risk Profile but focused solely on the subsidiary and its subsidiaries. Note: You can also view your entire organization and its subsidiaries from your Risk Profile under Executive Summary.

This view summarizes all identified risks found across the subsidiary and its subsidiaries. Each identified risk includes a severity, name, risk type, category, and the number of companies impacted.

By default, findings are sorted by severity, with critical items at the top. This is great if you want to understand the shared risks across your organization and its subsidiaries. For example, if you wanted to find all the organizations that didn't have SSL available, you could click on Apply filters in the top right corner of your screen and then filter by website security in Filter by risk category.

From here you can click on the risk to see the companies that are triggering the risk. This view shows the companies that trigger the risk, their security rating, and their individual domains that have the risk.

To view the individual domains that trigger the risk, click on the organization you wish to view the domains for. In this example, I have clicked on Example Holdings.


