Skip to main content

Security Posture

The Security Posture module gives internal IT departments a consolidated view of endpoint security health across the organisation. Monitor antivirus status, track patch compliance, identify vulnerabilities, and maintain a security score that surfaces risk at a glance.

Security Posture sits within the Fleet & Devices sidebar group, drawing data from the Level.io RMM+ integration to present security-relevant metrics alongside fleet and asset information.

Security Score Dashboard

The security score dashboard provides a single, organisation-wide metric reflecting overall endpoint security health. The score is calculated from:

  • Patch compliance rate — percentage of endpoints with all critical and recommended patches applied.
  • Endpoint protection coverage — percentage of devices with active, up-to-date antivirus/EDR.
  • Overdue devices — count of endpoints that have not checked in within a configurable threshold.
  • Open vulnerabilities — number of known vulnerabilities across the fleet.

The score is displayed on both the Security Posture page and the main Dashboard for practice-wide visibility.

Endpoint Protection Status

Monitor the state of antivirus and endpoint detection and response (EDR) across all managed devices:

  • Protection status — active, disabled, expired, or not installed.
  • Definition currency — how recently virus definitions or threat intelligence were updated.
  • Scan history — last full scan date and any detected threats.
  • Agent health — whether the security agent is running and communicating correctly.

Devices with missing, disabled, or outdated protection are flagged automatically and surfaced in the alert queue.

Patch Compliance Tracking

Track operating system and application patch levels across the fleet:

  • Patch status by device — current, pending reboot, pending installation, or overdue.
  • Critical vs. recommended — separate tracking for critical security patches and recommended updates.
  • Department compliance — view patch compliance rates by department to identify lagging teams.
  • Patch age — time since a patch was released versus time it was applied, for measuring deployment velocity.

Configure compliance thresholds (e.g. critical patches must be applied within 14 days) and receive alerts when devices fall outside policy.

Vulnerability Tracking

Maintain awareness of known vulnerabilities across the endpoint estate:

  • CVE tracking — map known CVEs to affected devices based on installed software and OS versions.
  • Severity classification — Critical, High, Medium, Low based on CVSS scoring.
  • Remediation status — track whether a vulnerability has been patched, mitigated, or accepted.
  • Trend reporting — monitor vulnerability counts over time to measure security improvement.

Alerting on Non-Compliant Devices

The Security Posture module integrates with the Fleet & Devices alert queue to raise alerts when:

  • A device's endpoint protection is disabled or removed.
  • Virus definitions are more than a configurable number of days old.
  • Critical patches remain unapplied beyond the policy window.
  • A device has not checked in for longer than the configured threshold.
  • A new critical vulnerability is detected on a managed endpoint.

Alerts appear in the Fleet & Devices alert queue and can trigger tasks in the Service Desk for remediation.

Security Reports

Generate security-focused reports for management and audit purposes:

  • Security posture summary — overall score, trend, and top risk areas.
  • Patch compliance report — detailed breakdown by department, device category, and patch severity.
  • Endpoint protection report — coverage rates, definition currency, and detection history.
  • Non-compliance report — list of devices currently outside security policy with reasons and remediation status.