Today's cloud security teams handle large volumes of exposure findings every day, where most of the noise drowns out the few items that genuinely need immediate action. The data is there, the tools are there. What's short is time, and time runs even shorter in the cloud, where workloads spin up, change, and disappear within hours, and exposures appear and disappear with them.
Until now, getting to those exposures has meant jumping between multiple tabs, filtering across fields, and piecing the picture together by hand.
It's time to go from scattered views to a unified cloud lens.
Cloud Exposure View, available in the USEM workspace, cuts through the volume to surface what genuinely needs attention and what action to take. It is still organised by provider, resource type and scanner, but also gives an at-a-glance view of the overall cloud security posture — bringing focus, clarity, and the speed cloud security actually demands.
For Context: What Counts as a Cloud Security Exposure?
Cloud security exposures traditionally have lived under different ServiceNow applications — vulnerabilities on cloud VMs and hosts under Host Vulnerability Response, vulnerabilities on container images under Container Vulnerability Response, and misconfigurations on cloud resources under Configuration Compliance.
Before: The Tab-Toggling Reality
In the existing Vulnerability Manager Workspace, Host, Container, Application, and Configuration findings each live on their own tab, with their own overview. This might be useful for product-area analysis, but a cloud analyst tracking risk across all four still has to move tab by tab to assemble a single picture.
After: Everything Cloud, Under One Roof
With the Cloud Exposure View, the difference is immediate. All security findings across product areas come together in one place — and not just the findings, but the workflow associated with each one, surfacing what action to take next.
To get to Cloud Exposure View, navigate to the Security Exposure Management workspace and click the cloud icon on the left panel to open the Cloud Exposure View tab.
At the top, a filter bar answers the three questions a cloud security analyst asks every day:
- Finding type — vulnerability, misconfiguration, or container issue?
- Source — which scanner caught it? (Wiz, Tenable, Qualys, Prisma)
- Risk rating — how bad is it? (Critical, High, Medium)
Right next to the filter bar sits a Configure dashboard option, which lets each analyst tailor what shows up on the page. It allows focusing on the risk ratings that expose the highest risk to the organization — typically Critical and High — choosing which metrics appear in Needs attention, and selecting which widgets to display. The same view, shaped to the way each team prefers to work.
Below the filters, the Needs attention panel surfaces the four pressure points where cloud remediation gets stuck — findings that have not been routed, findings past their target date, findings stalled in review, and findings about to slip. These are the items that cannot wait, and each card is a one-click path into the list of records that need that exact action.
Next comes the Cloud Security Overview, which presents findings across multiple lenses. The first cut is by resource type — Compute, Network, Storage, and Other — because each category carries a different kind of risk and is typically owned by a different team within the organization. Within each resource card, findings are further broken down by cloud provider (AWS, Azure, GCP). In a multi-CSP environment, this view shows how resources and risk are spread across different cloud providers, giving a granular sense of the security posture at the CSP level and the asset category level within each CSP — enabling focused remediation programs for the most critical resources on the cloud of choice.
Beyond resource type, the same findings can also be examined through other lenses — by base container images, by accounts and regions, by toxic combinations, and by compliance scores.
Each widget works like an assistant to the analyst. They surface the images with the most active findings, the accounts broken down by misconfigurations and risk, or the regulatory frameworks where compliance is failing the most. Each widget answers a question a cloud security analyst would ask in the course of a day:
- Top base images — Which base images and application images are putting the organization most at risk — and are any unapproved ones surfacing here?
- Top accounts and regions — Which accounts or regions are concentrating the most risk?
- Top resources — Which resources, especially the internet-facing ones, need attention first?
- Top toxic combinations and lowest compliance scores — What are the most dangerous toxic combinations, and where are we weakest on compliance?
Each of these is again organized by product area like Host findings, Misconfigurations, Toxic combinations, and Container findings, and the records are further color-coded by risk rating. The same finding can be examined from whichever angle matches the analyst's question.
And the best part of Cloud Exposure View is that it does not just offer a unified view, it is a war room for security teams. Every record leads to a comprehensive workflow, so action can begin right from the view, without juggling multiple interfaces. All the insights, powered by all the actions. In one place.
The result is an at-a-glance view that preserves the segregation different teams need, while keeping the path from seeing an exposure to acting on it just one click away.
A New Experience, Built for the Modern Workspace
Cloud Exposure View is part of the next generation of SecOps experiences in USEM, built on the Workspace UI, which utilizes modern tooling to bring out the best user experience without compromising on security. It is designed to deliver the speed, clarity, and unification that cloud security work demands, closing the gap between seeing an exposure and acting on it within the timeframe cloud risk actually demands.
For more context on the broader USEM transition, see:
- Essential Information: VR to USEM Upgrade Guidance
- USEM Release Highlights and Upgrade Information
- SecOps Resource Library: Unified Security Exposure Management
