Use case: Identify and address misconfigurations before they become business risks It9s not unusual for IT teams to maintain thousands of different software packages, systems, and devices. While most teams have processes in place to verify configurations, mistakes still happen. A newly installed router might have a password entered in clear text, which leaves it visible. Maybe an access control for a new firewall isn9t set up properly, leaving an opening for intruders. Perhaps security isn9t configured correctly for an S3 storage bucket in the AWS cloud, leaving sensitive data publicly exposed. Or the user of a device might have admin privileges that allow them to install unauthorized software or change important security settings, leaving an opening for an attacker to gain unrestricted network access. Standards and external regulatory compliance obligations (for example, SOX, PCI, and ISO) often include elements that attempt to address the business risk of misconfigured software, older protocols, and weak passwords. Enterprises translate these requirements into configuration hardening policies. Too often, however, organizations only identify misconfigurations after an attack. A better approach is to identify misconfigurations before they put your business at risk. Working through ServiceNow Security Operations Configuration Compliance, you can monitor data from security configuration assessment tools. But you now want to extend ServiceNow IRM continuous monitoring to your configuration hardening policies so that you can identify a failed configuration test result, assess the potential business impact, automatically create an issue, and proactively engage the responsible party to address the weakness before it is exploited. A compliance manager at work Several failed controls have popped up on my Policy and Compliance dashboard. Drilling into them, I see that the latest scan by our security configuration assessment tool has spotted misconfigured software. The data shows multiple Windows servers that don9t have the appropriate setting for maximum software password age, meaning there may never be a prompt to change the password4which creates an opportunity for a clever attacker. This could be the result of a software update or new installation. Figure 4: Continuous monitoring of controls shows the entities affected and identifies any policy exceptions 7