Exploring Security Posture Control

  • Release version: Zurich
  • Updated August 18, 2025

    Security Posture Control enables cybersecurity teams to get visibility into their complete enterprise asset inventory and determine their overall security posture.

    Security analysts gain insights into how well security tools are deployed and how much of the asset inventory they cover. These insights are based on the asset inventory and on data imported from service graph connectors and ServiceNow products such as Hardware Asset Management (HAM) and ITOM Discovery.

    Security analysts can also create custom policies and configure insights to monitor the compliance of assets with internal security standards. Vulnerability managers can use insights from Security Posture Control (SPC) to prioritize remediation of vulnerabilities on high-risk assets.

    The SPC product is based on Cloud Security Posture Management (CSPM) and Cyber Asset Hygiene Management (CAHM). Security Posture Control consists of two applications that are available by separate subscription from the ServiceNow® Store.

    Release versions (release notes: Security Posture Control release notes):

    • Security Posture Control Core: v6.2, v6.1, v6.0. For compatibility information, see KB0856498 Vulnerability Response Compatibility Matrix and Release Schema Changes.
    • Asset Security Posture Management: v5.3, v5.1, v5.0
    • Mitigation Controls Monitoring: v4.0, v3.0, v2.0

    Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.

    With the SPC product, Info-Sec teams can perform the following tasks:

    • View security posture insights for your on-premise and cloud assets. SPC helps your Info-Sec teams identify assets that are missing endpoint protection, unmanaged assets, assets exposed to the internet, and any high-risk combinations involving vulnerabilities.
    • Monitor your assets for their compliance with internal security tool configuration standards. For example, ensure that the latest version of an endpoint protection product is being used.
    • Use the ServiceNow Configuration Compliance application to automate your remediation workflow for the security posture gaps you find.
    • Create custom policies and insights based on asset metadata, security tool coverage data, and vulnerability data.
    • With Mitigation Controls Monitoring, gain insight into which threats to your assets are mitigated by available mitigation controls, based on how various security tools are configured.

    How Asset Security Posture Management works

    [Figure: How it works workflow]

    Asset Security Posture Management (ASPM) identifies security tool coverage gaps in assets by using API integrations with various third-party tools (Service Graph Connectors) along with ServiceNow products.

    ASPM relies on data populated in your CMDB about your assets. The asset data is imported by various categories of monitoring tools and compared to identify any potential security gaps.

    For example, suppose the CMDB contains asset data reported by infrastructure monitoring and networking tools, but endpoint protection tools report nothing for those same assets. Comparing the asset data reported by these different tools shows that those assets are missing an endpoint protection agent.

    The tool categories that are compared include but are not limited to the following:

    • Digital Employee Experience
    • Discovery
    • Endpoint Management
    • IT Asset Management
    • Infrastructure Monitoring 
    • Networking
    • Network Security
    • Network Performance Monitoring
    • Configuration and Patch Management  
    • Endpoint Protection
    • Cloud Provider
    • Application Performance Monitoring
    • Directory Services
    • Vulnerability Assessment

    The Security Posture Control workflow

    Identifying security tool gaps involves the following steps:

    1. Set up and activate API connections with any of the tools that you are using in various categories. You can use Service Graph Connectors for products that are available from the ServiceNow Store for the API connections that are required. For more information about the supported service graph connectors, see Service Graph Connectors. Supported service graph connectors are available from the ServiceNow® Store with separate subscriptions.
    2. Activate the policies shipped with the Security Posture Control application. The Security Posture Control product finds security tool gaps by performing the following tasks:
      1. Identifies the list of all unique assets populated by various Service Graph Connectors in the CMDB.
      2. Identifies assets that are not reported by specific categories from this asset pool, for example, Endpoint Protection. Assets are identified based on the active policy that is being evaluated.
      3. Assets identified as not reported by specific categories are reported as ‘Findings’ or ‘Test Results’ in the Configuration Compliance application.
    3. Automatically assign ‘Findings’ to different teams for remediation with the Configuration Compliance application.

    High-risk combinations

    With Asset Security Posture Management, you can also identify assets that have high-risk combinations. An example of a high-risk combination might show assets that are missing security tools, have critical vulnerabilities, and are exposed to the internet.

    Some of the policies shipped with the Security Posture Control application look for these high-risk combinations of critical vulnerabilities and security tool coverage gaps. However, for these combination policies to work, you must have the Vulnerability Response application and at least one vulnerability scanner integration product such as Qualys, Rapid7, or the Tenable Vulnerability Integration application installed. These applications are available with separate subscriptions from the ServiceNow Store.
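The gap-identification steps and the high-risk combination check described above, modeled as an added example in Python. This is not ServiceNow code and uses no ServiceNow API; the asset names, the enrichment sets, and the hostname normalization rule are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (asset name, reporting tool category) pairs standing in
# for CMDB records populated by different connectors. Not real SPC data.
REPORTS = [
    ("srv-web-01", "Discovery"),
    ("SRV-WEB-01.corp.example", "Endpoint Protection"),
    ("srv-db-02", "Infrastructure Monitoring"),
    ("srv-db-02", "Networking"),
    ("lap-0417", "Endpoint Management"),
    ("lap-0417", "Endpoint Protection"),
    ("cam-lobby", "Networking"),
]
CRITICAL_VULNS = {"srv-db-02", "srv-web-01"}    # constructed scanner output
INTERNET_EXPOSED = {"SRV-DB-02", "cam-lobby"}   # constructed exposure data


def normalize(name):
    """Assumption: assets are keyed by hostname; compare on lowercase short name."""
    return name.strip().lower().split(".")[0]


def coverage_by_asset(reports):
    """Pool of unique assets, each mapped to the categories that reported it."""
    seen = defaultdict(set)
    for name, category in reports:
        seen[normalize(name)].add(category)
    return dict(seen)


def coverage_gaps(reports, required):
    """Assets in the pool that the required category never reported."""
    pool = coverage_by_asset(reports)
    return sorted(a for a, cats in pool.items() if required not in cats)


def findings(reports, required, critical, exposed):
    """One finding per gap; flag the high-risk combination when all three hold."""
    critical = {normalize(a) for a in critical}
    exposed = {normalize(a) for a in exposed}
    return [{"asset": a, "missing": required,
             "high_risk": a in critical and a in exposed}
            for a in coverage_gaps(reports, required)]


if __name__ == "__main__":
    for f in findings(REPORTS, "Endpoint Protection", CRITICAL_VULNS, INTERNET_EXPOSED):
        print(f)
```

Without the normalization step, `srv-web-01` would appear as a false endpoint protection gap because two sources name it differently, which is why asset identity has to be reconciled before coverage is compared.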

    Mitigation Controls Monitoring

    From within the Security Posture Control (SPC) Workspace, gain insight into which threats to your assets are mitigated by available mitigation controls based on how various security tools are configured. See Mitigation Controls Monitoring for more information.