Security Posture Control release notes

  • Release version: Xanadu
  • Updated November 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Security Posture Control release notes

    The ServiceNow® Security Posture Control application enables cybersecurity teams to gain comprehensive visibility into security tool coverage gaps and deviations in security tool configurations across enterprise assets. The Xanadu release introduces enhancements and new features that improve monitoring, insights, and automated remediation capabilities to better manage security posture.

    Show full answer Show less

    Key Features

    • Policy Monitoring: Use built-in or custom policies to track asset security tool coverage, compliance with configuration standards, critical security gaps, vulnerabilities, and internet exposure risk.
    • Advanced Asset Search: Query asset data from multiple supported API integrations (service graph connectors) and ServiceNow products for targeted analysis.
    • Custom Insights and Dashboard: Create tailored insights and monitor key security metrics via an enhanced dashboard experience in the Configured Insights module.
    • Security Posture Reporting: Generate reports for IT and security managers to communicate overall security posture and highlight priority vulnerabilities.
    • Mitigation Controls Monitoring: New in Xanadu, this feature identifies MITRE-described mitigation controls across on-premise and cloud assets, including Web Application Firewall (WAF) protections (e.g., F5 BIG-IP) and Endpoint Detection and Response (EDR) tools such as CrowdStrike and Microsoft Defender, mapping these controls to vulnerabilities automatically.
    • Integration with Vulnerability Response: Security Posture Control insights feed into Vulnerability Response risk calculators and remediation target rules to prioritize resolution efforts.
    • Automated Remediation: Findings from Security Posture Control policies can be published to the ServiceNow® Configuration Compliance application to automate remediation workflows.
    • Expanded Data Integrations: Support for importing agent and asset data from SentinelOne and Splunk via respective Service Graph Connectors into the ServiceNow AI Platform®.
    • Policy Builder Enhancements: Improved condition builder supports "With aggregated data" for better matching of assets with variable data reporting and expanded hardware asset properties.
    • Policy Audit Improvements: Policies exclude retired assets from evaluations but re-include assets when their state returns to Active.

    Activation and Upgrade

    Security Posture Control is available via the ServiceNow Store. Customers should ensure all prerequisite applications are installed when upgrading to the Xanadu release. Full installation and activation instructions are provided through the ServiceNow Store platform.

    The ServiceNow® Security Posture Control application provides cybersecurity teams with visibility into security tool coverage gaps and deviations from security tool configuration for their enterprise assets. Security Posture Control was enhanced and updated in the Xanadu release.

    Security Posture Control highlights for the Xanadu release

    • Use the policies included with the application or custom policies that you create to monitor your assets for overall security tool coverage, compliance with internal configuration standards, critical combinations of security gaps and vulnerabilities, and possible internet exposure.
    • Search for assets based on queries that you create for data from a wide variety of supported API integrations (service graph connectors) or ServiceNow products.
    • Create custom insights and monitor important metrics from a dashboard. Report on your overall security posture to IT, IT and security managers, and other key stakeholders.
    • Identify priority vulnerabilities and drive resolution through insights from Security Posture Control in Vulnerability Response risk calculators and remediation target rules.
    • Gain insight into which threats to your assets are mitigated by available mitigation controls based on how various security tools are configured with Mitigation Controls Monitoring.
    • Automate remediation workflows for security gaps by publishing findings from Security Posture Control policies in the ServiceNow® Configuration Compliance application.

    See Security Posture Control for more information.

    Important:
    Security Posture Control is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

    Important information for upgrading Security Posture Control to Xanadu

    For a complete list of the applications that are required to implement Security Posture Control, see Install Security Posture Control.

    New in the Xanadu release

    Mitigation Controls Monitoring with Security Posture Control
    From within the Security Posture Control workspace, detect mitigation controls of various types as described by MITRE on all on-premise and cloud enterprise assets. Gain insight into which threats to your assets are mitigated by available mitigation controls based on how various security tools are configured.
    • Activate mitigation control policies that are included with the application that identify MITRE mitigations on your assets.
    • Identify your assets that have Web Application Firewall (WAF) protection with supported tools that include F5 BIG-IP. Automatically map a WAF mitigation to vulnerable items by analyzing the policy signatures in the firewall and the Common Vulnerabilities and Exposures (CVE) information.
    • Identify exploit mitigation controls from endpoint protection or Endpoint Detection and Response (EDR) tools like CrowdStrike and Microsoft Defender. Automatically map the EDR exploit mitigation controls to relevant vulnerable items by analyzing the vulnerability information and the EDR mitigation control configuration.
    • Populate vulnerable items with relevant attributes that can be used in your Vulnerability Response risk calculator rules.
    • Import agent information from the SentinelOne product into your ServiceNow AI Platform® with the Service Graph Connector for Sentinel One.
    • Import asset data from the Splunk product into your ServiceNow AI Platform® with the Service Graph Connector for Splunk.
    Enhancements to custom insights in the Security Posture Control Workspace
    The name of the Custom insights module has been changed to the Configured insights module in the Security Posture Control Workspace.

    You must assign groups to organize your reports by categories when you create custom insight records. Groups determine where your data visualizations are displayed on the dashboard in the Configured insights module according to the criteria you set.

    Enhancements to the Condition policy builder in the Policies and findings module
    Select With aggregated data for Connection to ensure that your policy matches assets that have slight variations in reported data. The following properties for policies for hardware assets are supported as they’re reported by different sources:
    • Host name
    • FQDN
    • OS
    • OS Version
    • OS Domain
    • OS Service Pack
    Test result and remediation task state transitions
    Enhancements to policy audits ensure that retired assets are not evaluated by activated policies. If the state of an asset transitions from Retired back to Active, it is included in the next policy evaluation.

    Activation information

    Install Security Posture Control by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.