Understanding Asset Security Posture
Understanding Asset Security Posture
Beyond the global dashboard, each asset in FortWatch has its own security profile that helps you understand its individual risk level and track improvements over time.
Asset Detail Page
The asset detail page provides a focused view of a single domain or IP address, including:
- Asset information — Resolved IP, canonical URL, CDN/WAF provider, current status.
- Findings summary — A severity breakdown specific to this asset.
- Scan history — A list of all scans that have run against this asset, with results.
- Open issues — All tracked issues affecting this asset.
- Port profile — Open ports and services detected by Nmap.
Evaluating an Asset
When assessing an asset, consider these factors:
- Critical and High findings — Are there any? If so, they should be your top priority.
- Open ports — Are any unexpected ports open? Every open port increases the attack surface.
- Service versions — Are the detected service versions current? Outdated software is a common attack vector.
- Security headers — Are standard security headers present? Missing headers are often Medium-severity findings.
- SSL/TLS — Is the certificate valid and using strong protocols?
Tracking Improvement
Compare scan results over time to see if your remediation efforts are working:
- Are the number of findings decreasing between scans?
- Are critical and high findings being resolved?
- Are new findings appearing (indicating new problems) or is the asset stable?
An asset with a decreasing finding count and no critical or high issues is in good shape. An asset with increasing findings — especially at higher severities — needs immediate attention.