Introduction
The Security Posture Dashboard provides comprehensive visibility into your infrastructure's security health through real-time monitoring and risk assessment. This centralized view aggregates security signals across your cloud environment to help you identify, prioritize, and remediate security gaps before they become incidents.
Unlike traditional security tools that generate overwhelming alert volumes, our dashboard contextualizes security data to surface actionable insights. Each visualization is designed to answer a specific security question and guide you toward concrete remediation steps, enabling both security teams and operations engineers to maintain a strong security posture without specialized expertise.
Key Features
Multi-Layer Security Monitoring
- Endpoint Protection Visibility: Real-time status of EPP (Endpoint Protection) and EDR (Endpoint Detection and Response) coverage across your virtual machines
- Expiration Tracking: Automated monitoring of certificate expiration and compliance deadlines with advance warning
- Configuration Validation: Identifies risky firewall rules, exposed services, and misconfigured security controls
- WAF Protection Status: Load balancer configurations and Web Application Firewall policy enforcement monitoring
Common Use Cases
Security Operations Teams
- Monitoring Security Metrics: Review coverage percentages (EPP/EDR) and exposed VMs to identify gaps requiring immediate attention
- Certificate Lifecycle Management: Track certificate expiration timelines to schedule renewals before service disruptions occur
- Firewall Rule Audits: Identify risky port configurations that expose administrative or database services to broader networks
Delivery & Infrastructure Engineers
- Deployment Validation: Verify new VMs have EPP and EDR installed, and certificates are properly configured.
- Infrastructure Hardening: Review exposed VM list to ensure only intended services are publicly accessible.
- WAF Policy Management: Monitor load balancer configurations to confirm traffic is encrypted and WAF is enabled and in Blocking mode
Understanding Your Security Posture
Dashboard Overview
The Security Posture Dashboard consists of core widgets organized into security coverage metrics, network security controls, infrastructure configuration, and operational status. All data shown is scoped by the selected tenant and can be filtered by Business Group.
Most widgets include an external link icon; clicking it opens the related product page, where you can drill deeper into that widget's findings.
Widget Reference Guide
1. EPP Coverage
EPP (Endpoint Protection) Coverage shows the percentage of your powered-on virtual machines with antivirus/anti-malware protection (with status either Online or Not Applicable). This metric reveals gaps in your first line of defense against malware, ransomware, and other endpoint-based threats. Low coverage indicates vulnerable endpoints that attackers can easily compromise without detection.
How to Address This Risk:
- Identify Unprotected VMs: Click the metric to open the EPP Status widget, view which VMs lack EPP protection, and prioritize by criticality (internet-facing web/application servers, database servers, and jump boxes first; development/testing environments lower priority)
- Install EPP Agent: Install the agent from the Cloud Portal by following this guide. Alternatively, raise a ticket with Cloud Support for help with the installation.
2. EDR Coverage
EDR (Endpoint Detection and Response) Coverage indicates the percentage of powered-on VMs with advanced threat detection, investigation, and response capabilities (with status either Online or Not Applicable). EDR offers behavioral analysis, threat hunting, and forensic investigation tools essential for detecting sophisticated attacks that bypass traditional antivirus.
How to Address This Risk:
- Identify Unprotected VMs: Click the metric to open the EDR Status widget, view which VMs lack EDR protection, and prioritize by criticality (internet-facing web/application servers, database servers, and jump boxes first; development/testing environments lower priority)
- Install EDR Agent: Install the agent from the Cloud Portal by following this guide. Alternatively, raise a ticket with Cloud Support for help with the installation.
3. Exposed VMs
What Risk Does This Communicate?
This metric counts virtual machines that have a public IP address and at least one inbound firewall rule whose source is ANY (open to the whole internet). Exposed VMs are your attack surface: any vulnerability on these systems can be exploited from anywhere in the world without the attacker first needing to breach your network perimeter.
How to Address This Risk:
- Exposure Justification Review: Click the widget to open the "Exposed VMs" table. For each VM, determine whether internet exposure is required, whether this is the correct VM to expose (should traffic route through a load balancer instead?), and whether all security controls are in place.
Remediation Options:
- Option 1 (Preferred) - Remove public IP and route traffic through load balancer with WAF protection
- Option 2 - Restrict access with firewall rules to specific source IPs only or apply geo restriction.
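The three headline numbers above (EPP coverage, EDR coverage and the exposed-VM count) can be reproduced from an inventory export. The following is an added example, not code from the dashboard or its vendor; the VM and firewall-rule fields are assumptions for the illustration, and the inventory is constructed sample data. It applies the definitions the widgets give: only powered-on VMs count toward coverage, a status of Online or Not Applicable counts as covered, and a VM is exposed when it has a public IP and an inbound rule with source ANY.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Added example: the VM record and firewall-rule fields below are assumptions
# for this illustration, not the dashboard's own data model.

COVERED_STATUSES = {"Online", "Not Applicable"}  # statuses the coverage widgets count as protected


@dataclass
class FirewallRule:
    direction: str   # "in" or "out"
    source: str      # "ANY" or a CIDR such as "198.51.100.0/24"
    protocol: str    # "tcp" / "udp"
    ports: str       # "443" or a range such as "1-65535"


@dataclass
class VM:
    name: str
    powered_on: bool
    epp_status: str               # "Online", "Offline", "Not Applicable", "Not Installed"
    edr_status: str
    public_ip: Optional[str] = None
    rules: List[FirewallRule] = field(default_factory=list)


def coverage(vms: List[VM], agent: str) -> float:
    """Percentage of powered-on VMs whose EPP or EDR status counts as covered.

    agent is "epp" or "edr". Powered-off VMs are excluded from the denominator,
    matching how the widgets describe the metric. Returns 0.0 if nothing is powered on.
    """
    powered_on = [vm for vm in vms if vm.powered_on]
    if not powered_on:
        return 0.0
    covered = sum(1 for vm in powered_on
                  if getattr(vm, f"{agent}_status") in COVERED_STATUSES)
    return round(100.0 * covered / len(powered_on), 1)


def unprotected(vms: List[VM], agent: str) -> List[str]:
    """Names of powered-on VMs that lack coverage for the given agent."""
    return sorted(vm.name for vm in vms
                  if vm.powered_on and getattr(vm, f"{agent}_status") not in COVERED_STATUSES)


def is_exposed(vm: VM) -> bool:
    """A VM is exposed when it has a public IP and at least one inbound rule with source ANY."""
    if vm.public_ip is None:
        return False
    return any(r.direction == "in" and r.source.upper() == "ANY" for r in vm.rules)


def exposed_vms(vms: List[VM]) -> List[str]:
    return sorted(vm.name for vm in vms if is_exposed(vm))


def posture_summary(vms: List[VM]) -> dict:
    """The three headline numbers the dashboard shows, computed from an inventory."""
    return {
        "epp_coverage": coverage(vms, "epp"),
        "edr_coverage": coverage(vms, "edr"),
        "exposed_vms": exposed_vms(vms),
    }


# Constructed sample inventory (not real tenant data).
SAMPLE_VMS = [
    VM("web-01", True, "Online", "Online", "203.0.113.10",
       [FirewallRule("in", "ANY", "tcp", "443")]),
    VM("db-01", True, "Online", "Online", None,
       [FirewallRule("in", "10.0.0.0/8", "tcp", "5432")]),
    VM("jump-01", True, "Offline", "Online", "203.0.113.11",
       [FirewallRule("in", "198.51.100.0/24", "tcp", "22")]),   # public IP but source-restricted
    VM("legacy-01", True, "Not Installed", "Not Installed", "203.0.113.12",
       [FirewallRule("in", "ANY", "tcp", "1-65535")]),
    VM("app-01", True, "Not Applicable", "Not Applicable", None),
    VM("build-01", False, "Not Installed", "Not Installed", None),  # powered off: not counted
]

if __name__ == "__main__":
    print(posture_summary(SAMPLE_VMS))
    print("EPP gaps:", unprotected(SAMPLE_VMS, "epp"))
    print("EDR gaps:", unprotected(SAMPLE_VMS, "edr"))
```

Note that jump-01 has a public IP but is not reported as exposed because its only inbound rule is restricted to a specific source range; that distinction is exactly what the widget's "source ANY" condition captures, and it is also why the powered-off build-01 drags neither coverage figure down.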
4. Overview (Multi-Domain Risk Visualization)
What Risk Does This Communicate?
The Overview chart provides a visual summary of security findings across five key domains: SSL Certificates, Firewall Rules (Ports), WAF Coverage, Load Balancer Public Traffic, and Users. Each stacked bar uses green and red color coding to indicate risk severity within that domain, with green representing compliant/secure configurations and red indicating issues requiring attention.
This widget serves as your "security at a glance" view, allowing you to quickly identify which security domains have the most critical issues requiring investigation.
Risk Indicators:
- Predominantly red bars: Critical security gaps in that domain requiring immediate remediation
- Large red segments: High volume of security issues suggesting systematic problems rather than isolated incidents
- Multiple domains showing red: Widespread security management challenges indicating insufficient security processes or resources
How to Address This Risk:
- SSL Certificates: Red portion indicates expired certificates, potentially causing service disruptions and breaking user trust. Click bar to drill into "Certificates Status" table below for specific expired certificates.
- Firewall Rules: Red portion indicates risky firewall rule configurations exposing administrative services. Click bar to drill into "Risky Firewall Ports" widget to dive deeper into the service categories.
- WAF Coverage: Red portion indicates published load balancers without WAF protection. Click bar to drill into "WAF and Public Load Balancer Configurations" widget for more details.
- LB Public Traffic: A large red portion indicates many load balancers serving plaintext traffic with no SSL certificate assigned. Assign SSL certificates and use the encrypted variants of your services (HTTPS, FTPS, SMTPS, TLS) so that connections are secured.
- Users: Red portion indicates inactive or dormant user accounts. Click the bar to drill into the "Users Overview" widget for users whose last login status is "Never", and implement periodic access reviews.
5. Risky Firewall Ports
What Risk Does This Communicate?
This widget identifies firewall rules that permit traffic on ports commonly associated with security risks within Virtual Machines and Load Balancers. The visualization breaks down risky ports by service category.
- Administrative & Remote Access Protocols
  - Ports: SSH (tcp/22), RDP (tcp/3389), Telnet (tcp/23), VNC (tcp/5900)
  - Risk: Direct remote system access enabling privilege escalation, lateral movement, and full system compromise through credential attacks and protocol vulnerabilities.
- Database Services
  - Ports: MSSQL (tcp/1433, tcp/1434), MySQL (tcp/3306), PostgreSQL (tcp/5432)
  - Risk: Direct database access leading to data theft, manipulation, and destruction. Highly targeted by attackers for sensitive data extraction and ransomware deployment.
- File Transfer & Sharing Protocols
  - Ports: FTP (tcp/21), SMB (tcp/445, udp/445, tcp/137-139, udp/137-139)
  - Risk: Unauthorized file access, data exfiltration, and malware distribution. SMB is particularly vulnerable to worm propagation and lateral movement attacks.
- Email Services
  - Ports: SMTP (tcp/25)
  - Risk: Email system compromise enabling spam distribution, phishing campaigns, and business email compromise (BEC) attacks.
- Web Application Services
  - Ports: HTTP (tcp/80)
  - Risk: Web application attacks including injection, application-layer DDoS, and eavesdropping. Entry point for most web-based exploits.
- Network Infrastructure Services
  - Ports: DNS (tcp/53, udp/53)
  - Risk: DNS poisoning, cache poisoning, and DDoS amplification attacks. Critical infrastructure service disruption affecting all dependent services.
- Unrestricted Network Access
  - Ports: All TCP (tcp/1-65535), All UDP (udp/1-65535)
  - Risk: Complete network exposure enabling reconnaissance, service enumeration, and attacks against any running service. Maximum attack surface exposure.
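The category breakdown above is a port-to-category mapping applied to each firewall rule. The following is an added example, not the dashboard's own code: it uses the categories and ports the widget lists, while the rule format, the handling of port ranges and the sample rules are assumptions constructed for the illustration. It goes slightly beyond the single-port case by matching ranges (a rule opening tcp/1-1024 lands in every category whose ports fall inside it) and by reporting a full 1-65535 rule only as unrestricted access.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Added example. The categories and ports are the ones the widget lists; the
# rule format and the matching logic are assumptions for this illustration.

PortSet = Set[Tuple[str, int]]

RISKY_PORTS: Dict[str, PortSet] = {
    "Administrative & Remote Access": {("tcp", 22), ("tcp", 3389), ("tcp", 23), ("tcp", 5900)},
    "Database Services": {("tcp", 1433), ("tcp", 1434), ("tcp", 3306), ("tcp", 5432)},
    "File Transfer & Sharing": {("tcp", 21), ("tcp", 445), ("udp", 445)}
                               | {(p, n) for p in ("tcp", "udp") for n in range(137, 140)},
    "Email Services": {("tcp", 25)},
    "Web Application Services": {("tcp", 80)},
    "Network Infrastructure Services": {("tcp", 53), ("udp", 53)},
}
UNRESTRICTED = "Unrestricted Network Access"


@dataclass(frozen=True)
class Rule:
    name: str
    protocol: str    # "tcp", "udp" or "any"
    port_range: str  # "22", "137-139" or "1-65535"


def parse_range(spec: str) -> Tuple[int, int]:
    """Parse "22" or "137-139" into an inclusive (low, high) pair, validating bounds."""
    low, _, high = spec.partition("-")
    lo, hi = int(low), int(high) if high else int(low)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"invalid port range: {spec}")
    return lo, hi


def classify(rule: Rule) -> Set[str]:
    """Return the risky-port categories a rule matches.

    A rule that opens the full 1-65535 range is reported only as unrestricted access,
    since listing every category it also covers would just be noise.
    """
    lo, hi = parse_range(rule.port_range)
    protocols = ("tcp", "udp") if rule.protocol.lower() == "any" else (rule.protocol.lower(),)
    if (lo, hi) == (1, 65535):
        return {UNRESTRICTED}
    return {category for category, ports in RISKY_PORTS.items()
            if any(proto in protocols and lo <= port <= hi for proto, port in ports)}


def summarize(rules: List[Rule]) -> Dict[str, List[str]]:
    """Group rule names by category, as the widget's per-category breakdown does."""
    by_category: Dict[str, List[str]] = {}
    for rule in rules:
        for category in classify(rule):
            by_category.setdefault(category, []).append(rule.name)
    return {c: sorted(names) for c, names in sorted(by_category.items())}


# Constructed sample rules (not from a real tenant).
SAMPLE_RULES = [
    Rule("allow-ssh", "tcp", "22"),
    Rule("allow-https", "tcp", "443"),        # not in any risky category
    Rule("allow-netbios", "udp", "137-139"),
    Rule("allow-dns", "any", "53"),
    Rule("allow-everything", "tcp", "1-65535"),
    Rule("allow-low-ports", "tcp", "1-1024"),  # a wide range hits several categories
]

if __name__ == "__main__":
    for category, names in summarize(SAMPLE_RULES).items():
        print(f"{category}: {', '.join(names)}")
```

Range matching matters in practice: a rule written as tcp/1-1024 never mentions port 22 or 80 explicitly, yet it opens both, so a classifier that only compares single port numbers would report the rule as clean.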
How to Address This Risk:
- Administrative & Remote Access Ports: Remove direct internet access across all administrative access and utilize a secure access mechanism such as SITE Light PAM that enforces the use of strong authentication, limited access, secure protocols, audit trails, session recordings, and segmentation.
- Database Services: Remove direct internet access to DB services and implement a three-tier application architecture.
- File Transfer & Sharing Protocols: Utilize an encrypted protocol rather than plain text (e.g., FTP to SFTP) and utilize secure versions e.g., SMB 3.1.1 (or newer) for its superior security (encryption, pre-authentication integrity), and restrict access to specific IPs.
- Email Services: Ensure you have deployed a secure mail gateway like SITE Cloud's Secure Mail Gateway to protect your organization's mail servers and users' inboxes.
- Web Application Ports: Move all public web traffic through load balancers with WAF enabled, ensure HTTPS-only.
- Network Infrastructure Services: Implement DNSSEC to prevent cache poisoning and DNS spoofing.
- Unrestricted Network Access: Delete the rule and only expose the needed services in separate firewall rules with clear business justification.
6. Certificates Status
What Risk Does This Communicate?
This table provides detailed visibility into individual SSL/TLS certificates deployed across your load balancers, showing the common name, number of load balancers using each certificate, and current expiration status. This granular view is essential for prioritizing renewal efforts and understanding the blast radius if a certificate expires.
How to Address This Risk:
- Expired Certificates: Determine whether the certificate belongs to a production or test environment, obtain a new certificate immediately, and for production certificates test the installation in staging first.
- Expiring Within 90 Days: Begin the renewal process, prioritizing certificates used by multiple load balancers.
7. WAF and Public Load Balancer Configurations
What Risk Does This Communicate?
This widget monitors two critical security aspects of your public-facing infrastructure: (1) whether Web Application Firewall (WAF) protection is active and blocking attacks, and (2) whether traffic is encrypted in transit.
For published load balancers, it is recommended to enable WAF and run it in Blocking mode to mitigate possible attacks.
Risk Indicators:
- Transparent mode: WAF monitors but doesn't block attacks
- Disabled WAF: Exposed and unprotected load balancer
- Plaintext traffic: Data transmitted unencrypted, vulnerable to interception
- Few protected load balancers: Inconsistent security posture
How to Address This Risk:
- Enable WAF: For all load balancers with WAF disabled, enable WAF and select a WAF policy; if no learning period is required, make sure it is in Blocking mode.
- Transparent WAF: For load balancers with WAF in Transparent mode, confirm that sufficient learning has been completed, then change the enforcement mode to Blocking without delay.
- Fix Plaintext Traffic: Implement HTTP-to-HTTPS redirect, or disable listening on HTTP entirely.
- Review WAF Policy Regularly: Validate policy learning suggestions and refine as needed.
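The checks behind the Certificates Status table (section 6) and the WAF and Public Load Balancer Configurations widget (section 7) can be expressed together over one load-balancer inventory, since both are driven by what each load balancer listens on. The following is an added example, not the dashboard's or vendor's code; the load-balancer and listener fields, the fixed reference date and the sample certificates are assumptions constructed for the illustration, while the thresholds (expired, within 90 days) and the WAF modes (Disabled, Transparent, Blocking) are the ones the page describes. The certificate rows are ordered most urgent first and, within a status, by blast radius (number of load balancers using the certificate).

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple

# Added example. The load-balancer and listener fields are assumptions for this
# illustration; the status thresholds (expired / within 90 days) and WAF modes
# (Disabled, Transparent, Blocking) are the ones the dashboard describes.

SECURE_PROTOCOLS = {"https", "ftps", "smtps", "tls"}   # encrypted listener types named on the page


@dataclass
class Listener:
    protocol: str                       # "http", "https", "ftp", ...
    certificate: Optional[str] = None   # common name of the bound certificate, if any


@dataclass
class LoadBalancer:
    name: str
    published: bool                     # internet-facing
    waf_mode: str                       # "disabled", "transparent" or "blocking"
    listeners: List[Listener] = field(default_factory=list)


def certificate_status(expires_on: date, today: date, warn_days: int = 90) -> str:
    """'expired', 'expiring' (within warn_days) or 'valid'."""
    days_left = (expires_on - today).days
    if days_left < 0:
        return "expired"
    return "expiring" if days_left <= warn_days else "valid"


def certificate_findings(certs: Dict[str, date], lbs: List[LoadBalancer],
                         today: date) -> List[Tuple[str, str, int]]:
    """Rows of (common name, status, number of load balancers using it),
    most urgent first and, within a status, largest blast radius first."""
    usage: Dict[str, set] = {}
    for lb in lbs:
        for listener in lb.listeners:
            if listener.certificate:
                usage.setdefault(listener.certificate, set()).add(lb.name)
    urgency = {"expired": 0, "expiring": 1, "valid": 2}
    rows = [(cn, certificate_status(exp, today), len(usage.get(cn, ())))
            for cn, exp in certs.items()]
    return sorted(rows, key=lambda r: (urgency[r[1]], -r[2], r[0]))


def lb_findings(lbs: List[LoadBalancer]) -> List[Tuple[str, str]]:
    """WAF and plaintext findings for published load balancers only."""
    findings = []
    for lb in lbs:
        if not lb.published:
            continue
        mode = lb.waf_mode.lower()
        if mode == "disabled":
            findings.append((lb.name, "WAF disabled"))
        elif mode == "transparent":
            findings.append((lb.name, "WAF in transparent mode (monitoring only)"))
        for listener in lb.listeners:
            if listener.protocol.lower() not in SECURE_PROTOCOLS:
                findings.append((lb.name, f"plaintext listener ({listener.protocol})"))
    return findings


# Constructed sample data (not a real tenant); TODAY is fixed so results are reproducible.
TODAY = date(2025, 1, 15)
SAMPLE_CERTS = {
    "www.example.com": date(2025, 3, 1),       # 45 days out
    "api.example.com": date(2024, 12, 31),     # already expired
    "internal.example.com": date(2026, 1, 1),
}
SAMPLE_LBS = [
    LoadBalancer("lb-web", True, "blocking",
                 [Listener("https", "www.example.com"), Listener("http")]),
    LoadBalancer("lb-web2", True, "blocking", [Listener("https", "www.example.com")]),
    LoadBalancer("lb-api", True, "transparent", [Listener("https", "api.example.com")]),
    LoadBalancer("lb-legacy", True, "disabled", [Listener("http")]),
    LoadBalancer("lb-internal", False, "disabled", [Listener("https", "internal.example.com")]),
]

if __name__ == "__main__":
    for row in certificate_findings(SAMPLE_CERTS, SAMPLE_LBS, TODAY):
        print("cert:", row)
    for finding in lb_findings(SAMPLE_LBS):
        print("lb:", finding)
```

Two design choices are worth noting: lb-web is in Blocking mode but still appears in the findings because it keeps an HTTP listener alongside HTTPS, which is the "Fix Plaintext Traffic" case above; and lb-internal produces no finding despite WAF being disabled, because the widget's scope is published load balancers only.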
8. Users Overview
What Risk Does This Communicate?
This table lists user accounts with their last login status. Dormant accounts represent unnecessary access risk, potential for compromised credentials, and compliance concerns.
Risk Indicators:
- High "Never" Logged-in count: Many accounts created but never used
- Long-inactive accounts (≥ 45 days): Potentially departed employees who still retain access
How to Address This Risk:
- Identify Dormant Accounts: Review all users showing "Never" or 45+ days inactive status. Cross-reference with HR systems to identify departed employees, unused service accounts, and inactive contractors.
- Cleanup Actions: Immediately deactivate accounts belonging to departed employees and accounts that have never been used; for inactive accounts, reset the password before re-enabling them.
- Ongoing Governance: Implement quarterly access reviews where managers revalidate team member access.
Recommended Review Cadence
- Daily: Check for expired certificates, new exposed VMs, offline EPP/EDR agents
- Weekly: Review risky firewall ports, certificate expirations within 90 days
- Monthly: Full dashboard review covering all widgets
- Quarterly: Access reviews