The SPR report helps you understand how vulnerability response activities impact your security posture and its criticality to successful risk management. As critical vulnerabilities are remediated, the SPR is automatically adjusted to show your new overall risk. Because it is calculated by intelligent asset groupings, when an asset’s vulnerabilities are remediated, the overall security posture improves. The SPR (Security Posture Rating) report reflects your organization’s attack surface and cyber risk, analyzing your security posture rating over time.

Use the Filters pane on the right to focus your report, click on a specific data element to filter the entire report or to access more data, and hover over a widget for more actions and info.

First, make sure you cover the Report (Analytics) Filters and Data Drilling to learn about the expected behavior of the trends and the presented data.

The Risk KPIs are the first and main widgets you encounter when entering the SPR report.

What does each KPI represent?

A list of most SPR-compliant business groups and their shift in rank (Current vs. Previous Rank). For a Business Group to be compliant, its assets' maximum risk score must be below the defined SPR risk threshold. The higher the SPR, the more compliant the Business group is.

A list of the most vulnerable business groups and their shift in rank (Current vs. Previous Rank). For a Business Group to be vulnerable and get a high vulnerability rank, its count of findings (instances) must be higher than the other business groups. Pay attention to high-impact Business groups with a high count of findings (instances).

Percentage of assets with a maximum risk score below the defined SPR risk threshold over time, i.e., the percentage of assets that comply with your security posture policy and change in % over time. You can use the data-drilling buttons to explore the data further.

Note: When the retrieved vulnerability CVSS score is either 0, undefined or falls outside the valid range (a float between 0 and 10), Vulcan Cyber ExposureOS retrieves the CVSS score from the cloud. In instances where both cloud and native sources lack a CVSS score, a default value of 0 is applied.

Use the attack surface report to learn about the risk changes on assets that affected the SPR changes you observed over time. Read more here on the Attack Surface Report feature.

A list of the top 13 Unique Vulnerabilities and their Risk Mass, sorted by the highest risk mass to the lowest. The risk mass of a unique vulnerability = the risk mass sum of all findings (instances).

A view of the SPR KPIs over time. Select/unselect Vulnerabilities, Assets, and Risk Mass to focus on a single trend or all three trends in correlation over time. Data-drill-down buttons allow deeper views into the data.

Percentage of findings (instances) by Risk Level (None, Low, Medium, High, and Critical).

​

Percentage of findings (instances) by Risk Level (None, Low, Medium, High, and Critical) over time. Data-drill-down buttons allow deeper views into the data.

Percentage of SPR compliance by asset type (Cloud, Host, Code Project, Website, and Image).

View the percentage of SPR per asset type over time (Cloud, Host, Code Project, Website, and Image). Use the data-drilling buttons to explore the data further.

Percentage of assets compliant with their EOL date by OS and Risk Level.

Count of assets that reached their EOL date over time by risk level.

Read our Reports (Analytics) FAQ and Data Validation article here.

​