Portfolio Lens

Govern security
across the portfolio.

Monitor every portfolio company's program, run assessments, broadcast advisories and watch each company's attack surface 24/7, all from one read-only seat across the entire book.

Security across a portfolio is invisible until a deal or a breach. Each company reports differently, on its own cadence, in its own format, so there's no way to compare a holding's security the way you compare its financials. Portfolio Lens normalizes every company onto one scorecard, rolled up and drillable.

Hudson writes the risk story
for every company.

Risk stories3 companies need attention
Granite IndustrialC

Granite still has two critical findings open and sits below the portfolio average (2.6 out of 5). Threat detection is its weakest area, and nothing has moved in 30 days. Worth pushing on before the next board meeting.

Review findingsRaise concern
Helix HealthB+

Helix is in solid shape at 3.4 out of 5, with one minor finding open. Incident response is the only area trailing the rest, but the 30-day trend is flat, so a light push on response keeps it on track.

Review findingsRaise concern

Hudson reads every assessment, finding and trend across the book, then writes a plain-English risk story for each company, so the portfolio review narrative is ready before you open the deck.

What each story reads Maturity baseline Open criticals Portfolio benchmarks 30-day trend

Every company, one scorecard.

Portfolio posture9 companies
G
Granite IndustrialManufacturing · NIST CSF
2.6▼ 0.2Needs you
H
Helix HealthHealthtech · HITRUST
2.8▼ 0.1Needs you
T
Tidewater LogisticsLogistics · SOC 2
2.9▼ 0.3Watch
A
Aperture RoboticsRobotics · ISO 27001
3.7▲ 0.3Healthy
N
Northwind FoodsCPG · SOC 2
3.5▲ 0.1Healthy

Every portfolio company on one scorecard: maturity, trend, open criticals and audit posture, normalized so a holding's security is as comparable as its financials.

One view shows Normalized maturity 30-day trend Open criticals Audit posture
Go deeper on any company.
Generate a reportcross-portco
Portfolio RollupQuarterly posture across every company
LP Quarterly SummaryAggregate, anonymized fund report
Diligence BriefPre-acquisition security diligence
Attack SurfaceExternal exposure, all portcos

Board and LP reports, generated

Portfolio rollups, LP summaries and pre-deal diligence briefs, written by Hudson and ready to send.

Framework coverage5 companies
CompanyNISTISOSOC 2HITRUST
AAperture92%88%84%79%
NNorthwind84%76%90%61%
TTidewater74%62%80%58%
GGranite44%26%52%18%

Coverage, every framework, every company

One matrix of how far each company has gotten on every framework they're held to, so the gaps stand out.

External monitoring24/7
A
Aperture RoboticsUpdated 2d ago · Monitored 24/7
84
SSLA
HeadersA+
DNSA
EmailA+
No threats detected
41 subdomains12 ports

Watch every company from the outside

Command scans each company's external attack surface around the clock: SSL, headers, DNS, email and breach signals, scored and tracked.

Broadcaststo the book
Rotate long-lived cloud keys
High · Threat intel
Every company with a cloud environment: rotate long-lived access keys before Aug 1 and confirm MFA on admin roles. Hudson drafted the per-company steps.
GraniteHelixTidewater+6
6 of 9 acknowledgedSent · tracked

One message, the whole book

Push an advisory or board-prep request to every company at once, or a segment, and track who has acted, per company.

Run an assessment
on any company.

Walk a portfolio company's framework out loud. Command transcribes the conversation, drafts the status and maturity for every control, and pulls the evidence, so diligence and reviews write themselves.

Granite Industrial · NIST CSF assessmentLivePR.AA · Access control
Transcribing live · 11:08REC
Analyst
How do you manage and review access to your OT and production systems?
Granite · IT Director
Access goes through Azure AD groups, and plant managers approve requests. We do an access review twice a year with system owners.
Analyst
Is that review documented and signed off?
Granite · IT Director
Yes, the H1 review is signed off in Command with owner attestations
Hudson · drafting from the conversation
Access is provisioned via Azure AD groups with plant-manager approval; a semi-annual access review is performed with system owners and signed off in Command with attestations.
Suggested status
Met
Maturity
3.0
H1 Access Review.pdfevidence pulled
Watch the report draft itself from the conversation

Each company owns
its program. You see it all.

Every portfolio company runs in its own instance of Command, with full read-write control of their program. The firm gets a read-only seat over the whole book, so governance never means taking the keys.

Portfolio company

Their own Command.

Each company runs its full program in a dedicated instance, assessments, findings, controls, evidence and projects, with read-write access for their team.

Read · write
PE firm

One read-only lens.

The firm sees every company's posture rolled up and drillable, can run assessments and broadcasts, but never edits a company's program directly.

Read-only
Hudson · board-ready in seconds

The portfolio security deck, on demand.

Ask Hudson for the portfolio summary and it assembles the deck: maturity by company, exposure, audit posture and what changed since last quarter, sourced and drillable. Reach it anywhere with ⌘K.

See how Hudson works

Govern the portfolio in Command.

One note when Portfolio Lens is live, or reach out for a look before then. We'll walk through your portfolio and what governing it in Command looks like.