The Remediation Performance report presents remediation KPIs such as MTTR (Mean Time to Remediation), average daily remediated/introduced vulnerabilities, campaign coverage stats, remediation across business groups, MTTR stats, and more. The report generates a wide perspective on the remediation workload capacity in your organization so you can better evaluate and estimate your remediation pace and performance. Use the "Filters" pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

First, make sure you cover the Reports (Analytics) Filters and Data Drilling to learn about the expected behavior of the trends and presented data.

The Remediation KPIs are the first and main widgets you encounter when entering the Remediation Performance report.

What does each KPI represent?

Percentage of findings (instances) with remediation campaigns over time by Risk Level. You should strive to have Critical/High-risk vulnerabilities in remediation campaigns.

Using the "Has Campaign" filter

We've also added a special filter called "Has Campaign" to help you view data only on findings (instances) covered by campaigns. In the example below, we use the "Has Campaign" filter and the Risk Level filter to show valuable data, such as MTTR, only on High Risk Level findings (instances) covered by campaigns.

Count of average daily remediation by business groups and how their rank shifts (Current vs. Previous Rank). The more remediations done on findings (instances) in a Business Group, the higher the rank climbs for that Business Group.

Strive for a higher remediation count for the Business Groups with the most critical impact.

"Mean Time To Remediate" is an industry-standard KPI used to refer to remediation progress. In this context, it represents the average time in days it takes to remediate findings (instances) per Business Group. The days count starts when the vulnerability is "first seen" in Vulcan Cyber ExposureOS, and sometimes the in the connector when we receive this data, and ends when remediation is completed.

The lower the MTTR, the better the Business Group is doing regarding the time it takes to remediate vulnerabilities. High MTTR indicates that the findings (instances) in this Business Group take the most time to remediate.

Count of MTTR in days over time. This graph shows how the "Mean Time to Remediation" changes over time. Lower MTTR indicates faster remediation. You can use the data-drilling buttons to drill up and down.

"Mean Time To Remediate" is an industry-standard KPI used to refer to remediation progress. In this context, it represents the average time in days it takes to remediate findings (instances), distributed by Risk Level. The days count starts when the vulnerability is "first seen" in Vulcan Cyber ExposureOS, sometimes the in the connector when we receive this data, and ends when remediation is completed.

Strive to keep your MTTR as low as possible, particularly on High and Critical risk level. Lower MTTR indicates faster remediation.

Tip: Click on a severity level to present more focused data across the other MTTRs.

MTTR by Risk (focused view).

"Mean Time To Remediate" is an industry-standard KPI used to refer to remediation progress. In this context, it represents the average time in days it takes to remediate findings (instances), distributed by Asset Type. The days count starts when the vulnerability is "first seen" in Vulcan Cyber ExposureOS, and sometimes the in the connector when we receive this data, and ends when remediation is completed.

Strive to keep your MTTR as low as possible, particularly on asset types of most interest and impact (Such as AppSec assets, i.e., Code Projects and Websites).

An insight into the MTTR difference between findings (instances) with campaigns and those without. Campaigns lower the MTTR of the organization and significantly increase remediation.

Count of newly introduced findings (instances) (i.e., newly identified by the Vulcan Cyber ExposureOS platform) vs. remediated findings (instances) with and without campaigns. The delta between newly introduced and remediated vulnerabilities shows the remediation program's capacity versus its workload. If there are consistently more new campaigns than remediated, the workload exceeds the available capacity.

Percentage of remediation capacity (Remediated / Introduced = capacity) per Risk Level. The percentage shows the remediation program's capacity dedicated to each risk level.

Percentage of remediation capacity (Remediated / Introduced = capacity) per Asset Type. The percentage shows the remediation program's capacity dedicated to each asset type.

Read our Reports (Analytics) FAQ and Data Validation article here.