Why these 20 indicators?
Most organizations already have the necessary tools — AD, EDR, CMDB, MDM, vulnerability scanners. The problem isn't a lack of data, it's the absence of a cross-functional view. Each tool operates in a silo, and no one cross-references the information.
These 20 indicators represent the KPIs every organization should track to manage its cybersecurity. They fall into three families: Devices (8), Identities (6) and Cross-references (6). The cross-references make all the difference — that's where real risks surface.
Devices — 8 indicators
- Active antivirus/EDR coverage — percentage of devices with active, functioning endpoint protection
- Up-to-date system rate — percentage of devices with the latest security patches applied (< 30 days)
- Successful backup rate — percentage of backups completed successfully over the past 7 days
- Disk encryption rate — percentage of devices with encryption enabled (BitLocker, FileVault)
- Unpatched critical vulnerabilities — number of critical flaws (CVSS ≥ 9) or KEVs unpatched for over 30 days
- Compliant device rate — percentage of devices meeting MDM security policies (Intune, Jamf, etc.)
- Obsolete system rate — percentage of devices running an end-of-support OS (Windows 7, Server 2012, etc.)
- Orphan devices — number of active devices with no identified owner
Identities — 6 indicators
- MFA coverage rate — percentage of users protected by multi-factor authentication
- Compliant password rate — percentage of users meeting the password policy (complexity, expiration)
- Admin accounts without MFA — total number of accounts with admin role without MFA enabled
- Inactive admin accounts — number of admin accounts unused for over 90 days
- Accounts with permanent passwords — number of accounts whose passwords never expire
- Phishing awareness rate — percentage of employees who clicked on phishing test emails
Cross-references — 6 indicators
This is where OverView's value truly shines. Existing tools each measure their own scope. Only cross-referencing reveals the real risks.
- At-risk workstations — number of business-critical devices or devices linked to admin accounts, without active EDR
- At-risk servers — number of critical servers without recent backup and without EDR
- At-risk identities — number of accounts without MFA, with high phishing attempt rates, linked to devices without EDR or highly vulnerable devices
- Vulnerable software — top 10 most vulnerable software present across the estate, with affected devices
- Targeted devices — devices with a high number of EDR alerts, linked to an admin account or an account with a non-expiring password
- Legacy — percentage of devices or accounts still present in IT and cyber tools, with a last activity date over 90 days old
How OverView calculates these indicators
OverView connects to your existing tools (AD, EDR, CMDB, MDM, vulnerability scanners) and collects data without heavy technical integration. Indicators are calculated automatically and updated continuously.
| What you have today | What OverView brings |
|---|---|
| Data scattered across 5 to 15 tools | Unified view in a single dashboard |
| Manual, declarative indicators | KPIs calculated from actual data |
| No cross-referencing between tools | 6 cross-reference indicators that reveal real risks |
| Monthly reporting taking 2 days | Automated reporting, always up to date |
"Before OverView, we had the data but not the vision. Now, cross-references show us exactly where to act."