In this blog post we are going to talk about Top Recommendations, a new feature that ServiceNow added to Instance Security Center in the New York release.
Top Recommendations is a new page that asks you a few questions to determine your security risk tolerance. The questions come from four popular security categories: Access Control, Attachments, Session Management and Email Security.
Access Control – Gives you the ability to blacklist or whitelist IP ranges.
Attachments – Limit the types of files that can be uploaded to ServiceNow.
Session Management – Manage failed login attempts and enable multi-factor authentication.
Email Security – Restrict image rendering in email HTML body previews.
The controls exposed on the Top Recommendations page are not new features in ServiceNow. They have been part of the platform for some time, but with the increased focus on security by ServiceNow and many other SaaS providers, end users are starting to expect a security center or dashboard where they can quickly enable or disable security controls or check security metrics.
Here is a quick example of how a security engineer can be more effective with Instance Security Center. As I covered in last month’s blog post, Instance Security Center has a score card that shows you the number of failed logins. If someone is trying to brute-force your instance, that is very easy to identify in Instance Security Center. Once you have identified the source IP address, and since you are already in Instance Security Center, you are only a few clicks away from creating a rule that blacklists that IP address from your instance.