Steven Meissner
Tera Expert

In this article, we will explore the Best Practice component of Security Center, a crucial tool within ServiceNow designed to enhance the security of your instance. The Best Practice component of ServiceNow aims to provide several security suggestions to improve the overall security posture of your instance. Each suggestion includes step-by-step instructions needed to implement it in your environment.

 

Looking at the 'Manage your Best Practices' page below, we see that the suggestions are structured around maturity levels, and the dashboard provides an easy way to track progress. This view is from an instance where the Best Practices component has not yet been used.

StevenMeissner_0-1722656277098.png

 

 

Notice that the number of Best Practices completed so far is 0 and the recommended next step is to commence the 'Build a foundation' maturity level.

 

The security suggestions for the "Build a foundation" level are:

  • Change the default login credentials
  • Configure web browsers to use only TLS 1.2 or higher when connecting to your instance
  • Configure your email systems to accept mail from your instance by using SPF
  • Enable table auditing for important or sensitive data
  • Enforce the use of strong passphrases
  • Ensure automatic account creation
  • Ensure that the High Security plugin is installed and activated
  • Install patches as soon as possible
  • Integrate with MFA
  • Limit accepted email sender domains
  • Monitor important logs to help identify any suspicious or malicious activity
  • Monitor your instance’s Hardening Compliance level
  • Remove the ‘Remember Me’ checkbox
  • Restrict access to your instance from unknown IP addresses
  • Use SAML authentication
  • Use the email filters feature set to deal with suspect inbound messages

 

This list provides a great starting point for improving the security posture of your instance and, in most cases, gives great guidance on the steps necessary to complete the required configuration. As you go through each item, however, review it in the context of your environment and in consultation with your Cyber team.

 

For example, the item 'Ensure automatic account creation' suggests enabling the creation of new user accounts when emails are received from unknown email addresses. In most environments, you will most likely already be using a directory service to automatically provision new user accounts into your ServiceNow environment. If this is the case, I strongly recommend that automatic account creation from inbound emails remain disabled. The Best Practice guidance does not clearly address this nuance. It does, however, provide a way to record any decisions within the tool: add a comment to the Best Practice item.

StevenMeissner_1-1722656277099.png

 

I recommend reviewing the following items from the 'Build a foundation' list with your Technical Governance and Cyber teams before moving forward:

  • Ensure automatic account creation - Leave this disabled if you are already using a directory service to provision user accounts.
  • Integrate with MFA - Review this in terms of your enterprise strategy for MFA. I typically see MFA implemented on the organization's SSO/Identity tool rather than directly on ServiceNow.  Make sure you also consider how any local accounts such as the Break glass Admin account or service accounts might be impacted.
  • Restrict access to your instance from unknown IP Addresses - Ensure you consider the impact that this might have on mobile devices and integrations.  Also consider if this control should be implemented through Adaptive Authentication as opposed to the IP Range Based Authentication plugin.

 

Ongoing Maintenance

To keep up to date with the Security Best Practice suggestions from ServiceNow, I recommend that you check for new updates to the Security Center application on a monthly basis. Each new release of the application is likely to include more best practice recommendations that can be reviewed and actioned as needed. This is one area where I hope ServiceNow continues to invest, making it easier for administrators to understand some of the most common practices around security in the ServiceNow space.

 

In summary, the Best Practice component of Security Center provides a structured method to bolster your ServiceNow instance's security. By implementing the recommended steps and keeping up with regular updates, you can greatly enhance your security posture. Integrating insights from the other Security Center components into your strategy is essential. Remember, cybersecurity is a continuous journey—staying informed and proactive is vital. For further insights, explore the related articles listed below.

 

Further Reading

I've covered other aspects of Security Center in previous articles as listed below.

5 Comments
dlsfootball
Giga Explorer

Certainly! When discussing the Best Practice component of ServiceNow's Security Center, here's a structured approach for your article:

---

### Enhancing Security with ServiceNow's Best Practice Component

**Introduction**

In today's ever-evolving digital landscape, ensuring the security of your IT environment is paramount. ServiceNow's Security Center includes a powerful tool called the Best Practice component, designed to bolster the security of your instance. This component provides actionable security suggestions tailored to your environment's needs, helping you strengthen your overall security posture.

**Overview of the Best Practice Component**

The Best Practice component within ServiceNow is integral for identifying and implementing security measures that enhance your instance’s resilience against potential threats. By leveraging this tool, organizations can systematically improve their security practices through a structured and guided approach.

**Structure and Functionality**

1. **Maturity Levels**

The Best Practice suggestions are organized around different maturity levels. These levels help categorize the security practices based on their complexity and the impact they have on the security posture. The maturity levels provide a clear roadmap for organizations to follow, ensuring that security improvements are both strategic and scalable.

2. **Dashboard and Tracking Progress**

The 'Manage your Best Practices' page in the Security Center dashboard is a central hub for tracking your progress. This view is particularly useful as it provides a visual representation of your security posture and helps in monitoring the implementation of various best practices. The dashboard includes:

- **Progress Indicators:** Visual indicators that show how many of the suggested practices have been adopted and the overall progress towards achieving a higher maturity level.
- **Actionable Insights:** Each suggestion comes with step-by-step instructions, making it easier to implement the recommended changes in your environment.

**Getting Started**

To begin using the Best Practice component:

1. **Access the Dashboard**

Navigate to the 'Manage your Best Practices' page within the Security Center. This will provide you with an overview of your current security posture and highlight areas that need attention.

2. **Review Suggestions**

Explore the list of suggested best practices. These suggestions are tailored to your current maturity level and will guide you through various security enhancements.

3. **Implement Recommendations**

Follow the provided step-by-step instructions for each suggestion. These instructions are designed to be comprehensive and user-friendly, ensuring that even complex security practices can be implemented efficiently.

4. **Monitor Progress**

Regularly check the dashboard to monitor your progress. The visual indicators will help you keep track of the improvements and areas that still require attention.

**Conclusion**

The Best Practice component in ServiceNow's Security Center is a valuable asset for organizations looking to enhance their security posture systematically. By following the structured maturity levels and utilizing the dashboard for progress tracking, you can effectively implement security suggestions and fortify your instance against potential threats.

**Additional Resources**

For more information on using the Best Practice component, refer to the ServiceNow documentation or contact your ServiceNow representative.

---

Feel free to adjust the details based on specific features or updates relevant to your version of ServiceNow!

Josh Pirozzi
Kilo Sage

@Steven Meissner,

 

Thank you for this overview! I've been utilizing the Security Center over the last several months, but don't have the features/options for Customer Actions, Best Practices or Notifications, and couldn't find them under the internal Plugins. Would you know if these are added items that I'd need to install, and if so, could you provide the URL(s) for each?

 

Thank you again!

Josh Pirozzi

Steven Meissner
Tera Expert

Hi @Josh Pirozzi 

 

Best Practices and Customer Actions were first released in v1.5 of Security Center - Washington DC release timeframe.

Notifications are a very recent addition - v1.6 released in the last couple of weeks.

 

If you don't see these features, jump into Application Manager and check that you have the latest version of Security Center installed.

 

Hope this helps.

Steve

bjd
Kilo Contributor

I am trying to set up entitlement to have read-only access to all Security Center components.

Do you know which role I need to access and read all Security Center components?

Also, to edit/update a Security Finding, what roles are needed?

BraydenWS
Tera Explorer

Great article, Steven! The step-by-step breakdown of Security Center’s best practices is really helpful. One thought—while these measures strengthen security, do you think adding real-time monitoring or anomaly detection within ServiceNow could further enhance protection? It seems like tracking unusual user activity could help detect potential threats before they escalate. Would love to hear your thoughts on this!