We're reclaiming inactive PDIs to keep them available for active builders. Learn what's changing, who's affected, and how to protect your work. Read More

maucblancha
ServiceNow Employee

 

Overview

 

Keeping your ServiceNow instance secure requires more than checking a few settings after an upgrade. Security Center continues to evolve into a central hub for monitoring your instance, identifying security risks, and helping administrators take action before issues become problems.

 

This session walks through the latest capabilities available in Security Center v3.3, providing a comprehensive tour of core capabilities and the newest enhancements. 

 

Security Center helps administrators: 

 

- Monitor overall instance security posture

- Track hardening compliance 

- Monitor security metrics and threshold alerts 

 

New Risk Acceptance for Hardening

 

Not every recommended hardening setting can be enabled. Some controls may conflict with busines requirements, integrations or operational processes. 

 

Rather than leaving these items permanently marked as non-compliant, admins can now: 

 

- Review a recommendation 

- Document why it cannot be implemented 

- Formally accept the associated risk 

- Include accepted items in their overall compliance score 

 

This creates a more accurate representation of an organization' security posture while maintaining clear documentation for future reviews and audits. 

 

Access Management Console: Access Findings 

 

Security Center now includes Access Findings, a new interface focused on potential vulnerabilities that were discovered the last time access checks were ran.

 

The following checks produce findings and are ran every 24 hours: 

 

- Inactive users with assigned roles 

- Dormant user accounts 

- Access controls on UI Pages

- External users with access to classified data 

- Access controls on tables 

- Users with direct role assignments (bypassing groups) 

- Access controls on client callable script includes 

- Empty ACLs 

 

 

Key Takeaways 

 

- Security Center v3.3 introduces valuable new capabilities for improving instance security. 

- The new risk acceptance feature allows organizations to accurately represent acepted business risk within compliance reporting. 

- Access Findings simplifies identifying and managing authorization-related risks. 

- Keeping Security Center updated ensures access to the latest hardening baselines, security checks, and platform improvements. 

 

Watch Full Session 

 

Want to dive deeper into the topics covered in this recap?

 

Watch the recording here