SPM Posture Score

The SSPM Posture Score represents a SaaS application's security posture as a score and a corresponding level. Every SaaS application is assigned a posture level based on its calculated posture score.

This feature is currently in beta availability. Contact your sales representative or Netskope support team to learn more about the feature.

Netskope uses a proprietary algorithm to compute the posture score of each SaaS application. The score depends on two inputs: the number of failed findings compared to the total number of findings generated by the SSPM rules enabled in the policy, and the risk score of the 3rd Party applications detected.

The posture score is computed at the lowest level and then propagated up through the levels. While propagating up, each level takes the lowest score from the level below it. The posture score is computed at the following levels:

  • Netskope Tenant – calculated at the customer’s Netskope account.

  • SaaS Application Suite – calculated at the app suite level, like Microsoft 365, Google Workspace, Salesforce, Atlassian, etc.

  • Netskope Instance – calculated at the SaaS application account level that is set up via ‘Configure App Access’.

  • Application – calculated at the individual application level. For example, with Atlassian, the score is computed for Jira and Confluence.

The posture score and posture levels are mapped as follows:

  • Excellent – posture score ranging from 90 to 100.

  • High – posture score ranging from 75 to 89.

  • Medium – posture score ranging from 60 to 74.

  • Low – posture score ranging from 50 to 59.

  • Poor – posture score ranging from 0 to 49.

  • Unknown – the posture score cannot be computed.

An application can be marked with an `Unknown` posture score for the following reasons:

  • The SaaS application doesn't have an SSPM policy configured, resulting in no findings for the application, and there are no 3rd Party applications detected for the SaaS application.

  • The rules that are part of the SSPM policy have not resulted in any findings, and there are no 3rd Party applications detected for the SaaS application.

Consider an example of how the posture score is computed at the lowest level, that is, at the application level, and propagated up through the levels. Assume the following levels for the Microsoft 365 app suite:

Microsoft 365 (app suite) -> My Account (instance) -> SharePoint, OneDrive, Defender (application)

If the posture scores for the individual applications are:

  • Defender – 91
  • SharePoint – 62
  • OneDrive – 76

Then, the upwards propagated posture score for My Account (instance) will be 62 and for Microsoft 365 (app suite) will be 62.
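The roll-up and level mapping described above, as an added example (not Netskope's code; the per-application scores come from the proprietary algorithm and are taken here as inputs). It extends the Microsoft 365 case with a constructed Atlassian instance. How an `Unknown` score propagates is not stated on this page, so the handling below is an assumption, as are the names `roll_up`, `level` and `Example Instance`.

```python
from typing import Optional, Union

# Level bands as listed on this page: (lowest score in the band, level name).
BANDS = [(90, "Excellent"), (75, "High"), (60, "Medium"), (50, "Low"), (0, "Poor")]

# dict = container level (tenant, suite, instance); int = application score;
# None = application whose score is Unknown.
Tree = Union[dict, int, None]


def level(score: Optional[int]) -> str:
    """Map a posture score (0-100) to its posture level; None maps to Unknown."""
    if score is None:
        return "Unknown"
    if not 0 <= score <= 100:
        raise ValueError(f"posture score out of range: {score}")
    return next(name for floor, name in BANDS if score >= floor)


def roll_up(node: Tree, path: str = "tenant", out: Optional[dict] = None):
    """Return (score, {path: score}); each container takes its lowest child score.

    Assumption (not stated on the page): children with an Unknown score are
    skipped, and a container whose children are all Unknown is itself Unknown.
    """
    out = {} if out is None else out
    if isinstance(node, dict):
        child_scores = [roll_up(c, f"{path}/{name}", out)[0] for name, c in node.items()]
        known = [s for s in child_scores if s is not None]
        score = min(known) if known else None
    else:
        score = node
    out[path] = score
    return score, out


# Constructed sample: the Microsoft 365 scores from this page, plus a made-up
# Atlassian instance that shows a second suite and the Unknown case.
TENANT = {
    "Microsoft 365": {"My Account": {"Defender": 91, "SharePoint": 62, "OneDrive": 76}},
    "Atlassian": {"Example Instance": {"Jira": 88, "Confluence": None}},
}

if __name__ == "__main__":
    _, scores = roll_up(TENANT)
    for path, score in scores.items():
        print(f"{path:50} {score!s:>5}  {level(score)}")
```

Because every level takes the minimum, the single lowest-scoring application sets the score for its instance, its suite and the tenant, which is the first place to look when a suite shows a lower level than expected.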
