Preview of a planned domain · Security Operations is on the roadmap — designed on the shared substrate, not yet built. All figures synthetic and aggregated (Meridian Industrials).
AssetShop · Security Operations Suite · Meridian Industrials · FY26 · Roadmap · Planned
Reading synthetic sources read-only - never writes back

Executive overview

The SCO read-only thesis, pointed at security posture: vulnerabilities, identity, exposure, patching, and incidents - observed across your security and identity systems to surface risk and drift, not to run your defenses.

What this is, and what it is not. A preview of a planned domain, not a live product. In production it would sit read-only on top of your identity, endpoint, vulnerability, cloud-posture, and ticketing systems - reading findings and posture metadata and surfacing exposure, aging, and drift. It is not a SIEM or EDR, does not detect or respond to threats, does not remediate or change anything, and does not read secrets or credentials. It complements your security stack with a posture view; figures here are synthetic.

Security posture: 78/100 (+7 YoY)
Critical vulns open: 14 (-9 QoQ)
High vulns open: 86
MTTR (critical): 9 days (target 5)
MFA coverage: 94% (+6 pts)
Internet-exposed assets: 36
Open findings: 240
Incidents (TTM): 18 (0 major)

Posture score trend & plan (synthetic)

Trailing 8 quarters with a 4-quarter plan and band.
[Chart legend: Posture score · Plan · Band]

Open findings by category (synthetic)

Signals worth attention

14 critical vulns open, 6 internet-facing - past the 5-day MTTR target; the clear priority for the patch queue.
42 stale accounts, 11 with elevated rights - dormant access that widens the attack surface; candidates for review.
Posture up 7 points YoY - MFA rollout and faster remediation are compounding; on track toward 85.

Synthetic preview. In production, derived read-only from identity, EDR, scanner, CSPM, and ticketing systems with SHA-256-anchored lineage, as in SCO.

Vulnerability posture

Open vulnerabilities by severity, how fast they are closed, and where the riskiest ones sit.

Critical open: 14
High open: 86
MTTR (critical): 9 days
Aging > 30 days: 38

Open vulnerabilities trend (synthetic)

Total open findings across severities, trailing 8 quarters.

Open by severity (count)

Low: 320
Medium: 210
High: 86
Critical: 14

Vulnerability bridge (TTM) (synthetic)

Open at start to open now, in findings.

Top exposures (read-only)

Asset / system | Finding | Severity | Age
Edge VPN appliance | Unpatched CVE (RCE) | Critical | 21d
Public web app | Outdated TLS / library | Critical | 14d
OSK-03 OT gateway | Legacy OS, unsupported | High | 40d
File server cluster | Missing patches (12) | High | 18d
Cloud storage | Public read access | High | 9d

Synthetic, aggregated. Reads scanner and EDR findings read-only; severity per CVSS; AssetShop surfaces, it does not patch.

Identity & access

Who and what has access, how it is protected, and where dormant or over-privileged access widens the attack surface.

Identities: 2,400
MFA coverage: 94%
Privileged accounts: 78
Stale accounts: 42

Identities by type (synthetic)

MFA coverage by group

Employees: 98%
Privileged: 100%
Contractors: 84%
Service accts: n/a (61% keys rotated)

Access worth reviewing (read-only)

Category | Count | Note
Stale accounts (>90d inactive) | 42 | 11 with elevated rights
Privileged without MFA | 0 | fully covered
Service-account keys >1yr | 23 | rotation overdue
Orphaned (no owner) | 9 | offboarding gap

23 service-account keys are over a year old - rotation is the single cheapest reduction in attack surface here.

Synthetic, aggregated. Reads identity-provider metadata read-only; no credentials or secrets are ever read.

Asset & exposure

What is on the network, what faces the internet, and what is unmanaged or unsupported.

Known assets: 4,180
Internet-exposed: 36
Unmanaged: 58
EOL / unsupported: 24

Assets by environment

Corporate IT: 2,180
Plant / OT: 1,010
Cloud: 720
Remote / BYOD: 270

Exposed & unmanaged (read-only)

Category | Count | Risk
Internet-facing services | 36 | 6 unpatched
Unmanaged endpoints | 58 | no EDR
EOL operating systems | 24 | OT-heavy
Shadow cloud accounts | 5 | ungoverned

58 endpoints have no EDR coverage - concentrated in plant/OT; the gap most worth closing for breach resilience.

Synthetic, aggregated. Reconciles asset inventories read-only across CMDB, EDR, and cloud; OT read passively.

Patch & configuration

How current systems are on patches, and how far configurations drift from the hardened baseline.

Patch compliance: 88%
Overdue patches: 120
CIS benchmark adherence: 81%
Config drift items: 96

Patch compliance by platform

Windows servers: 93%
Linux: 96%
Endpoints: 86%
OT / plant: 64%

Config drift by area

Cloud IAM: 28
Endpoints: 22
Network: 27
Servers: 19

OT patch compliance at 64% - expected for plant systems, but the largest single driver of the open-vuln backlog.

Synthetic, aggregated. Reads patch and configuration state read-only; benchmark = CIS; AssetShop never changes configuration.

Incidents

Security incidents over time, how quickly they are detected and resolved, and what caused them.

Incidents (TTM): 18
Major / breach: 0
Mean time to detect: 4 hrs
Mean time to resolve: 2.1 days

Incidents per quarter (synthetic)

Recent incidents (read-only)

Type | Severity | Detected | Resolved
Phishing (credential) | Medium | <1 hr | Same day
Malware on endpoint | Medium | 2 hrs | 1 day
Misconfig exposure | Low | 6 hrs | 2 days
Suspicious login | Low | <1 hr | Same day

Incident volume is trending down and no major breach occurred this year - detection time is the strongest control in place.

Synthetic, aggregated. Reads incident-ticket metadata read-only from SIEM/ITSM; AssetShop reports, it does not respond.

Cloud posture

Misconfigurations and exposure across cloud accounts - the fastest-moving part of the attack surface.

Cloud findings: 64
Critical: 5
Public buckets: 3
Over-privileged roles: 28

Findings by severity

Low: 24
Medium: 21
High: 14
Critical: 5

By cloud account

Account | Findings | Critical
Production (primary) | 28 | 2
Data / analytics | 16 | 2
Dev / test | 14 | 1
Shadow / ungoverned | 6 | 0

3 public storage buckets and 28 over-privileged roles - high-impact, low-effort fixes that move the posture score most.

Synthetic, aggregated. Reads CSPM findings read-only; AssetShop surfaces misconfigurations, it does not change cloud config.

Third-party risk

How exposed the business is through its vendors - ratings, overdue assessments, and the highest-risk relationships.

Vendors assessed: 142
High-risk: 7
Assessments overdue: 19
Avg security rating: B+

Vendors by risk tier

Low: 88
Moderate: 47
High: 7

High-risk vendors (read-only)

Vendor type | Rating | Issue
Logistics platform | D | Breach history
Marketing SaaS | C | Data access, weak posture
Contract manufacturer | C | No recent assessment
Payroll processor | C+ | Sensitive data, overdue

4 high-risk vendors handle sensitive data - prioritize reassessment and contract security terms (links to Legal Operations).

Synthetic, aggregated. Reads vendor-rating and assessment metadata read-only; ratings illustrative.

Compliance & controls

How control coverage maps to the frameworks that matter, and where evidence is stale or gaps remain.

Control coverage: 82%
Evidence fresh: 76%
Open control gaps: 23
Frameworks tracked: 3

Control coverage by framework

SOC 2: 82%
ISO 27001: 74%
NIST CSF: 79%

Largest control gaps (read-only)

Control area | Status | Note
Vendor risk management | Partial | 19 assessments overdue
Asset management (OT) | Partial | 58 unmanaged endpoints
Key rotation | Gap | 23 stale service keys
Logging coverage (OT) | Partial | limited plant telemetry

Most gaps trace back to OT and third parties - the same two themes running through vulns, assets, and vendor risk. Fixing them lifts several frameworks at once.

Synthetic, aggregated. Maps observed controls read-only to frameworks; this is posture mapping, not a certification or audit.

Connectors & data

Where Security Operations would read from, and the posture it would read with.

Read-only, and it never touches secrets. These connectors are scaffolded, not built - each reports 0/12 conformance until a tenant integration is done. In production they read findings, posture, and identity metadata read-only, with SHA-256-anchored lineage. AssetShop does not read credentials or secrets, does not act on systems, and does not replace your SIEM, EDR, or SOC.

Security connectors

System | Category | Mode | Status
Okta / Entra ID | Identity | Read-only | Scaffolded 0/12
CrowdStrike | Endpoint / EDR | Read-only | Scaffolded 0/12
Qualys / Tenable | Vulnerability | Read-only | Scaffolded 0/12
Wiz / CSPM | Cloud posture | Read-only | Scaffolded 0/12
Splunk / SIEM | Incidents / logs | Read-only | Scaffolded 0/12
ServiceNow | ITSM / tickets | Read-only | Scaffolded 0/12

How it stays trustworthy

Read-only, no action - no path to remediate, isolate, or change a system.
No secrets - reads findings and posture metadata only; never credentials, keys, or payloads.
Lineage on every figure - each number traces to a source finding or record via SHA-256 anchoring, as in SCO.

Planned domain. Connectors are scaffolds; functional conformance (12/12) is verified per tenant at integration, never assumed.

Signals & opportunities

Security signals across vulnerability, identity, and response - read-only from scanners, IdP, and SIEM. Surfaces exposure; remediation runs in your tools. Figures synthetic (Meridian Industrials).

Open signals: 11
Exposure: 5 critical
High severity: 2
Addressable: MTTR -40%

Detected signals (synthetic)

Each signal is an observation with a source lineage; confidence reflects how directly the data supports it.

Signal | Area | Severity | Magnitude | Conf. | Source
Critical vulns open >30d | Vulnerability | high | 5 critical | high | scanner
Privileged access over-provisioned | Identity | high | 18 accounts | med | IdP
Dormant privileged accounts | Identity | medium | 7 inactive 90d | high | IdP
MTTR drift - incidents | Response | medium | +6h QoQ | med | SIEM
Patch backlog | Hygiene | medium | 23% past SLA | high | endpoint
Incident recurrence | Response | medium | 3 repeats | med | SIEM
Shadow / unmanaged assets | Exposure | low | 9 discovered | med | discovery

Opportunities the signals point to

What the observation suggests. AssetShop quantifies; your team decides and acts in the source systems.
5 vulns - Remediate critical vulnerabilities open beyond 30 days.
18 acct - Right-size over-provisioned privileged access to least-privilege.
7 acct - Disable dormant privileged accounts inactive over 90 days.

How to read this

High signals are concentrated, well-evidenced, and material - act on these first.
Confidence separates observed facts from modeled estimates.
Every figure traces to a read-only source. Nothing here is written back to any system.

Synthetic. Signals computed from read-only scanner / IdP / SIEM data; magnitudes labeled modeled are estimates, not posted figures. Operational signal, not advice; AssetShop never writes back to source systems.

Finding detail

Open security findings across vulnerability, identity, and response.

Open findings: 11
Critical: 5
Over-provisioned: 18
Dormant: 7

Detail records (synthetic)

Critical findings open beyond 30 days are the priority. Use Export above to download exactly these rows as CSV.

Asset / finding | Type | Severity | Age (d) | Status | Owner
AS-1 Edge app CVE | vulnerability | critical | 34 | open | SecOps
AS-2 Privileged grants | identity | high | 12 | open | IAM
AS-3 Dormant admin | identity | high | 94 | open | IAM
AS-4 Unpatched host | vulnerability | high | 21 | in-progress | IT
AS-5 SIEM rule gap | response | medium | 8 | open | SecOps
AS-6 Shadow asset | exposure | medium | 15 | open | IT
AS-7 MFA exception | identity | medium | 30 | in-progress | IAM
AS-8 Repeat incident | response | medium | 5 | open | SecOps
AS-9 Cert expiry | hygiene | low | 3 | open | IT
AS-9 Cert expiryhygienelow3openIT

Synthetic (scanner + IdP + SIEM). Read-only detail; AssetShop never writes back to source systems. Figures illustrate Meridian Industrials.
