Using mitigation controls monitoring with Security Posture Control
Summary of Using mitigation controls monitoring with Security Posture Control
The Security Posture Control (SPC) Workspace in ServiceNow enables organizations to gain detailed insights into how threats to their assets are mitigated by existing security controls. This capability leverages configurations from various security tools to provide visibility into mitigation effectiveness, helping customers identify asset vulnerabilities and security control gaps.
SPC addresses three key areas:
- Asset inventory: Discovery of all enterprise assets, including unmanaged or unknown ones.
- Security controls coverage and health: Identification of gaps or weaknesses in security controls.
- Vulnerability and threat mitigation visibility: Understanding which threats or vulnerabilities are mitigated by available controls.
Mitigation controls monitoring specifically focuses on vulnerability and threat mitigation visibility within SPC.
Key Features
- API Integrations: SPC integrates with security tools such as web application firewalls and endpoint protection systems via APIs to import configuration data about assets and their mitigation controls.
- Separate from Service Graph Connectors: These API integrations are independent of Service Graph Connector integrations, which remain necessary for asset discovery and general data import.
- Example Integration: For CrowdStrike, both the CrowdStrike Service Graph Connector and CrowdStrike API integration must be activated to fully import mitigation configuration data.
- Role-Based Access: Access is controlled through roles such as admin, SPC Admin Group, SPC Analyst Group (full access), and SPC Analyst Read Only Group.
Who Benefits and How
- Cybersecurity Teams, Security Analysts, Managers: Obtain comprehensive visibility into all assets, including unmanaged ones, identify coverage gaps, detect risky combinations such as critical vulnerabilities combined with internet exposure, and monitor compliance with internal security standards.
- Vulnerability Management Teams: Gain insights about available mitigations for vulnerabilities on assets and dynamically adjust risk scores according to mitigation status.
- Threat Defense Teams: Identify gaps in mitigation and security control configurations related to specific attack techniques, enabling targeted improvements in defense posture.
Practical Application for ServiceNow Customers
ServiceNow customers using SPC can enhance their security operations by configuring the necessary API integrations alongside Service Graph Connectors and ITOM Discovery to ensure comprehensive data ingestion. With proper role assignments, teams can leverage SPC’s mitigation controls monitoring to improve asset security visibility, prioritize remediation based on effective mitigation coverage, and strengthen overall threat defense strategies.
From within the Security Posture Control (SPC) Workspace, gain insight into which threats to your assets are mitigated by available mitigation controls, based on how your security tools are configured.
Mitigation controls monitoring
For supported applications for Security Posture Control and Mitigation Controls Monitoring, see Exploring Security Posture Control.
Security Posture Control addresses the following areas:
- Asset inventory - Identifying all your enterprise assets, including unmanaged or unknown assets.
- Security controls coverage and health - Identifying any coverage gaps with your security controls.
- Vulnerability and threat mitigation visibility - Identifying which threats or vulnerabilities to your assets are mitigated by applicable mitigation controls.
Mitigation controls monitoring describes the features in Security Posture Control that fall under vulnerability and threat mitigation visibility.
Access is controlled through the following roles and groups:
- admin - Installs applications from the ServiceNow® Store and activates plugins (ITOM Discovery).
- SPC Admin Group and SPC Analyst Group - Users in these groups have full read and write access to all the records for the product and the workspace.
- SPC Analyst Read Only Group - Users in this group have full read access to all the records for the product.
Mitigation controls monitoring users and benefits
| User | Description |
|---|---|
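| Cybersecurity teams, security analysts and managers | Gain visibility into all assets, including unmanaged ones; identify coverage gaps; detect risky combinations such as critical vulnerabilities combined with internet exposure; and monitor compliance with internal security standards. |
| Vulnerability management teams | Gain insights into mitigations available for vulnerabilities on the assets and dynamically adjust the risk score for those vulnerabilities. |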
| Threat defense teams | Gain insights into gaps in mitigations or security controls configuration against specific attack techniques. |
Security Posture Control and the mitigation controls monitoring workflow
Security Posture Control uses API integrations with security tools, such as web application firewalls and endpoint protection tools, to import additional configuration data about your assets. It analyzes that data to identify the applicable mitigation controls for a given asset. These API integrations are separate from the Service Graph Connector integrations that SPC supports, and they import different data. You configure these API integrations from within the SPC Workspace.
Service graph connector integrations or ITOM Discovery are still required for mitigation controls monitoring. For example, both the CrowdStrike Service Graph Connector and the CrowdStrike API integration supported by SPC must be activated to import additional insights about which mitigation controls are enabled by the CrowdStrike endpoint protection configuration.