Using mitigation controls monitoring with Security Posture Control

  • Release version: Washingtondc
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Using Mitigation Controls Monitoring with Security Posture Control

    Security Posture Control (SPC) allows users to monitor mitigation controls that protect enterprise assets. By assessing how security tools are configured, SPC provides insight into threats and their corresponding mitigations, helping organizations manage their security posture effectively.

    Show full answer Show less

    Key Features

    • Asset Inventory: Identifies all enterprise assets, including unmanaged or unknown ones.
    • Security Controls Coverage and Health: Detects gaps in security controls.
    • Threat Mitigation Visibility: Shows which threats are mitigated by specific controls, with references to MITRE-ATT&CK™ techniques.
    • API Integrations: Integrates with security tools to gather configuration data, enhancing the identification of applicable mitigation controls.

    Key Outcomes

    Cybersecurity teams and analysts can:

    • Gain comprehensive visibility of enterprise assets and their security status.
    • Identify critical vulnerabilities and compliance deviations.
    • Understand the effectiveness of existing mitigation controls based on security tool configurations.

    To utilize the SPC efficiently, appropriate user roles include admin, SPC Admin Group, SPC Analyst Group, and SPC Analyst Read Only Group, each with varying access levels to SPC records.

    From within in the Security Posture Control (SPC) Workspace, gain insight into which threats to your assets are mitigated by available mitigation controls based on how various security tools are configured.

    Mitigation controls monitoring

    For supported applications for Security Posture Control and Mitigation Controls Monitoring, see Exploring Security Posture Control.

    The Security Posture Control application focuses on three core problem areas:
    • Asset inventory - Identifying all your enterprise assets that include unmanaged or unknown assets.
    • Security controls coverage and health - Identifying any coverage gaps with your security controls
    • Threat mitigation visibility - Identifying which threats to your assets are mitigated by applicable mitigation controls.
    Mitigation controls monitoring describes the features in Security Posture Control that fall under threat mitigation visibility. In this regard, MITRE-ATT&CK™ lists a set of available mitigations that can be used for various techniques. Some examples include:
    1. Web application firewall as a mitigation for the technique Initial Initial Access > Exploit public facing application.
    2. Exploit protection as a mitigation for techniques such as Execution > Exploitation for Client Execution.
    3. Multi-factor authentication as a mitigation for the technique Privilege Escalation > Account Manipulation.
    Roles required:
    • admin - Installs applications from the ServiceNow® Store and activates plugins (ITOM Discovery).
    • SPC Admin Group and SPC Analyst Group - Users in this group have full read and write access to all the records for the product and the workspace.
    • SPC Analyst Read Only Group - Users in this group have full read access to all the records for the product.

    Mitigation controls monitoring users and benefits

    Table 1. Users
    User Description
    Cybersecurity teams, Security analysts and managers
    • Gain visibility into all your enterprise assets that include unmanaged or unknown assets.
    • Identify coverage gaps with your security controls, toxic combinations of problems such as critical vulnerabilities and internet exposure on your assets, and deviations from your internal security standards.
    • Gain insight into which threats to your assets are mitigated by mitigation controls that are based on how security tools are configured.

    Security Posture Control and the mitigation controls monitoring workflow

    Security Posture Control uses API integrations with security tools such as web-application-firewalls and endpoint protection tools to import additional configuration data about your assets and analyze it to identify the applicable mitigation controls for a given asset. These API integrations are separate from the service graph connector integrations that are supported by SPC and import different data. You configure these API integrations from within the SPC Workspace.

    Service graph connector integrations or ITOM Discovery are still required for mitigation controls monitoring. For example, both the CrowdStrike Service Graph Connector and the CrowdStrike API integration supported by SPC must be activated to import additional insights about which mitigation controls are enabled by the CrowdStrike endpoint protection configuration.