Operationalizing CTEM Faster: Build Surface Command Dashboards in Minutes

Source: Rapid7


Analysis

Modern attack surfaces don’t sit still. Cloud expansion, SaaS sprawl, identity complexity, and shadow IT are continuously reshaping organizational risk. For security leaders, visibility isn’t the challenge anymore, but actually operationalizing that visibility is.

Surface Command was built to unify asset and identity intelligence across your external attack surface. But translating that intelligence into executive-ready dashboards or operational reporting has often required knowledge of Cypher queries.

Today, that changes: We’re introducing filter-based dashboard widgets in Surface Command, enabling teams to build meaningful attack surface management (ASM) dashboards in minutes, without writing a single query. And for CISOs focused on advancing continuous threat exposure management (CTEM), this is more than a usability enhancement. It’s an operational accelerator.

From filters to dashboards, instantly

Security teams already use saved asset and identity filters to answer critical questions:

- Which internet-facing assets are high risk?
- Where do privileged identities intersect with exploitable exposures?
- Which business units own unmanaged cloud infrastructure?
- What third-party SaaS applications expand our attack surface?

Now, those same saved filters can be converted directly into live dashboard widgets. If your team can build a filter table, they can now build a dashboard. There’s no need to understand query syntax or rely on specialized expertise for common reporting needs. With just a few clicks, exposure views become shareable, persistent dashboards built on the same unified data model that powers Surface Command.

Figure 1: Creating dashboard “widgets” in the Rapid7 Command Platform

Reducing friction in exposure reporting

For many organizations, the barrier to effective exposure management isn’t visibility, it’s friction. When dashboard creation requires query expertise, reporting slows down, operational teams depend on a small group of power users, executive visibility lags behind exposure reality, and CTEM initiatives stall under complexity.

Filter-based widgets remove that bottleneck. Security teams can now spin up exposure dashboards in minutes, empower analysts and vulnerability teams to self-serve, deliver consistent reporting to leadership, and standardize exposure views across business units. This lowers the barrier to building and maintaining exposure intelligence across the organization, and that matters when “continuous” is the goal.

A practical enabler for continuous threat exposure management (CTEM)

Beyond a framework, CTEM is a discipline. One that treats exposure management as an ongoing cycle, not a point-in-time project. CTEM is commonly organized into five continuous steps:

- Scope – Define what you’re focusing on (systems, business services, exposure themes, time horizons).
- Discover – Identify the assets, identities, and exposures within scope.
- Prioritize – Determine what matters most based on risk and impact.
- Validate – Confirm exploitability and real-world likelihood.
- Mobilize – Drive remediation and measure progress.

The challenge isn’t describing these steps. It’s making them repeatable in day-to-day operations, and that’s where filter-based dashboard widgets help.

Making “scope” real, not a slide deck

CTEM often succeeds or fails at the first step: scope. If “scope” lives in a document, teams interpret it differently. If it lives on the platform, it becomes operational. Saved filters are an effective way to define scope in a way teams can actually use. Let’s take a look at some examples:

- “Internet-facing assets owned by customer-facing business units”
- “Privileged identities with access to production”
- “Externally exposed services supporting payment workflows”
- “Cloud assets without an identified owner”

With filter-based widgets, you can turn those scoped views into dashboards that make CTEM focus areas visible and persistent. This helps teams stay aligned on what you’re measuring and why.

Operationalizing discovery and prioritization

Once scope is defined, CTEM demands continuous discovery and prioritization. Filter-based widgets support that by making key exposure views always available, such as:

- Newly discovered external assets in a critical business unit
- High-risk exposures on internet-facing systems
- Identity-driven exposure hotspots (where access and exposure intersect)
- Business-unit risk breakdowns for ownership and accountability

Instead of rebuilding reports each cycle, teams can use dashboards to maintain ongoing awareness of what has changed.

Supporting validation and mobilization with “always-on” views

Validation and mobilization are where CTEM becomes measurable. While advanced workflows still benefit from deeper investigation and custom analysis, filter-based dashboards help teams maintain consistent operational pressure:

- Are the highest priority exposures shrinking week over week?
- Are the same teams repeatedly accumulating unmanaged assets?
- Are privileged identity risks trending in the right direction?

Dashboards don’t replace validation, but they make it easier to target validation where it matters, and to keep remediation efforts aligned to the scoped CTEM goals.

Built on the Command Platform: unified data, real-time context

These filter-based widgets aren’t layered on top of a separate reporting engine. They’re instead powered directly by the Command Platform’s unified asset and identity graph, which is the same continuously updated data model that drives Surface Command. That means widgets reflect real-time exposure state, asset and identity relationships stay connected, context holds across domains, and dashboards scale as your attack surface evolves. For CISOs, this is what turns reporting into decision support: consistent data, consistent definitions, and visibility that doesn’t lag behind reality.

Accessibility without sacrificing power

Most reporting can now be built from easy-to-use filter tables, without the learning curve associated with Cypher. For advanced correlation, custom logic, and complex investigations, teams can still leverage custom queries. The result is balance: Accessibility for most users and flexibility for advanced practitioners – all via one unified platform.

Turning exposure intelligence into executive clarity

Surface Command was built to give organizations a unified view of their external attack surfaces across assets, identities, and exposures. With filter-based dashboard widgets, that intelligence becomes easier to operationalize, easier to share, and easier to scale, especially for CTEM programs that rely on repeatability. Because continuous threat exposure management shouldn’t depend on who knows how to write a query. It should be built into the way your platform works.

Source Attribution

Originally published by Rapid7 on May 20, 2026.
