Overview
This article highlights the latest enhancements and integrations added to the Cye Exposure Management Platform in December 2024. It covers new dashboards, data import capabilities, integration updates, and changes in how findings linked to acceptable risk remediation assets are handled.
Group-Level Overview
The Group-Level Overview provides corporate CISOs with a centralized view of risk KPIs across subsidiaries.
Consolidates and aggregates key performance indicators (KPIs), such as exposure and maturity, from all subsidiary environments
Allows CISOs to view high-level risk metrics and quickly switch to a specific subsidiary’s the Cye platform instance for detailed analysis
📎 For more information, refer to the [Group-Level Overview documentation]
Import Findings
the Cye platform now supports importing findings from external sources, such as:
Penetration testing reports
Risk registers
Non-integrated security tools
This enhancement provides:
A centralized view of all findings
Improved risk management
More comprehensive assessment of your security posture
Imported findings — even from tools the Cye platform does not natively support — will contribute to your risk KPIs, including maturity.
Fix Findings Linked to Acceptable Risk Remediation Assets
the Cye platform now allows changes to finding statuses based on the Acceptable Risk status of remediation assets:
Non-graph findings linked to remediation assets marked as Acceptable Risk can be set to Fixed
Graph-based findings (edges) cannot be set to Fixed, even if their associated remediation assets have Acceptable Risk status
Additional update:
A system tag, Acceptable Risk, is now automatically applied to such findings
You can use this tag to search and filter findings
📎 For more information, refer to the [Fixing Findings with Acceptable Risk Remediation Assets documentation]
New Integrations
Active Directory
Active Directory (AD) is a core component of IT environments, used for:
Authentication
Directory browsing
Single sign-on
It contains sensitive information such as:
Usernames and passwords
Network structure and access rights
Because of its value, AD is a high-priority target for attackers.
This integration enables the Cye platform to:
Ingest vulnerability data from AD
Influence top-line risk metrics like Exposure and Maturity
📎 For more information, refer to the [Active Directory documentation]
Wiz
Wiz is a cloud infrastructure security platform that provides full visibility into your cloud environment.
This integration allows the Cye platform to:
Retrieve findings from Wiz-imported projects
Create the Cye platform findings from Wiz-detected vulnerabilities and misconfigurations
Update key metrics such as Exposure and Maturity
📎 For more information, refer to the [Wiz documentation]
Microsoft Defender for Cloud
Microsoft Defender for Cloud is a CNAPP (cloud-native application protection platform) offering:
Cloud Security Posture Management (CSPM)
Cloud Workload Protection (CWP)
DevOps security features
It protects both multi-cloud and hybrid environments.
This integration enables the Cye platform to:
Ingest host and cloud resource assets
Ingest vulnerability data
Use business context to assess Exposure, Maturity, and remediation priority
📎 For more information, refer to the [Microsoft Defender for Cloud documentation]
Wrap-up / Next Steps
These updates are designed to give you broader visibility, deeper integrations, and more flexibility in how you manage risk in the Cye platform.
Explore the linked documentation if you'd like to dive deeper into any of these new capabilities — or take your time and return when you're ready.