How to Improve Posture Score?

How to Improve Posture Score?

If the posture score of your apps and instances is poor, you can improve it for better security. You can improve the posture score by analysing either the 3rd Party Apps with the lowest posture score or the critical severity rules that have the highest number of failures. Given below are various ways of using SSPM to improve your security posture.

Analyse 3rd Party Apps

3rd Party App score has a significant impact on your security posture. Hence, managing your 3rd Party App security will be a good place to begin to improve your security posture. To check the access permissions for a third party app, follow the procedure:

1. Navigate to API-enabled Protection > Security Posture SaaS > 3rd Party Apps.

2. Click on any 3rd Party App, and a new right side window pane will appear with Permission and scope requested for this app.

   

3. Analyse the permissions for this 3rd Party App to improve the posture. As a remediation, you can remove this 3rd Party App for better health of your environment.

   Remediate Failed Finding by Severity

   Critical and High severity findings have a significant impact on your security posture and hence it is a good point to start with remediating failed findings for these severities. To remediate failed findings, follow the procedure:

   1. Navigate to API-enabled Protection > Security Posture SaaS > Apps.

   2. Click on the total Failed Findings number in the metrics section. The page will navigate you to the Findings page with failed results.

      

   3. Select Add Filter > Severity > Critical or High.

      

   4. Analyse the list of failed critical findings. Choose one rule by clicking on it.

   5. Navigate to the Remediation tab and follow the steps for remediation.

      

   Remediate Failed Finding by Rule

   In scenarios when you have a bulk of resources failing because of a particular rule, then it is good to remediate that rule. Remediating such rules will clear a bulk of your failed findings, giving you maximum reduction in your failed count. To remediate the rule failed for max number of resources, follow the procedure:

   1. Navigate to API-enabled Protection > Security Posture SaaS > Apps.

   2. Click on the total Failed Findings number in the metrics section. The page will navigate you to the Findings page with failed results.

   3. Click on the Rules tab.

   4. Sort the #Failed Resources column in the table in descending order. The rule at the top is the one with the most failed resources.

   5. Click on the rule and navigate to the Remediation tab and follow the steps for remediation.

      

   Remove unwanted Rules from Policy

   In some cases, some rules may not be relevant in your environment. In which case, you could consider disabling irrelevant rules to reduce the failed findings. To analyse the rules attached to a policy, follow the procedure:

   1. Navigate to Policies > Security Posture > SaaS > Policies.

      

   2. Select a policy by clicking on it.

   3. Click on the Rule and Action field to see the list of rules assigned to this policy. If the rule isn’t relevant, consider disabling it from the policy. You can review the rule by going through the description of the rule.

      

   4. Click Save.