Understanding Posture Score

SSPM Posture Score represents a SaaS application’s security posture as a score and a corresponding level. Every SaaS application is assigned a posture level based on its calculated posture score.

Netskope uses a proprietary algorithm to compute the posture score of each SaaS application. SSPM computes the posture score from the number of failed findings, weighted by severity, relative to the total number of findings generated by the SSPM rules enabled in the policy, together with the risk score of any 3rd Party Apps detected.

SSPM computes the posture score at the lowest level and then propagates it up through the levels. At each step of the propagation, the parent takes the lowest score found among the level below it. The posture score is computed at the following levels:

  • Netskope Tenant – calculated at the customer’s Netskope account.

  • SaaS Application Suite – calculated at the app suite level like Microsoft365, Google Workspace, Salesforce, Atlassian, etc.

  • SaaS Account – calculated at the SaaS application account level that is set up via ‘Configure App Access’.

  • Application – calculated at individual application level. For example, with Google WorkSpace, the score is computed for Drive, Calendar, etc.

The posture score and posture levels are mapped as follows:

  • Excellent – posture score ranging from 90 to 100.

  • High – posture score ranging from 75 to 89.

  • Medium – posture score ranging from 60 to 74.

  • Low – posture score ranging from 50 to 59.

  • Poor – posture score ranging from 0 to 49.

  • Unknown – cannot compute the posture score.

An application can be marked with an `Unknown` posture score for either of the following reasons:

  • The SaaS application doesn’t have an SSPM policy configured, resulting in no findings for the application, and no 3rd Party Apps have been detected for the SaaS application.

  • The rules that are part of the SSPM policy have not resulted in any findings, and no 3rd Party Apps have been detected for the SaaS application.

Consider an example of how the posture score is computed at the lowest level, i.e. the application level, and propagated up through the levels. Assume the levels for the Microsoft 365 app suite are:

Microsoft 365 (app suite) -> My Account (instance) -> Sharepoint, OneDrive, Defender (application)

If the posture score for individual applications is: 

  • Defender – 91
  • Sharepoint – 62
  • OneDrive – 76

Then, the upwards propagated posture score for My Account (instance) will be 62 and for Microsoft 365 (app suite) will be 62.
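The level mapping and the lowest-score propagation described above, reproduced as an added example that is not Netskope’s code. It takes per-application scores as input (the per-application algorithm itself is proprietary and not reproduced); the handling of Unknown children during propagation is an assumption, not stated on the page.

```python
"""Posture score level mapping and upward propagation (added example).

Assumptions (not from the page): an application whose score is None is
Unknown; when propagating, Unknown children are skipped, and a parent is
Unknown only if none of its children has a computed score.
"""
from typing import Optional

# Posture score ranges as listed on the page (inclusive bounds).
POSTURE_LEVELS = [
    ("Excellent", 90, 100),
    ("High", 75, 89),
    ("Medium", 60, 74),
    ("Low", 50, 59),
    ("Poor", 0, 49),
]


def posture_level(score: Optional[int]) -> str:
    """Map a posture score to its level; None means the score could not be computed."""
    if score is None:
        return "Unknown"
    if not 0 <= score <= 100:
        raise ValueError(f"posture score out of range: {score}")
    for level, low, high in POSTURE_LEVELS:
        if low <= score <= high:
            return level
    raise AssertionError("unreachable: ranges cover 0..100")


def propagate(node):
    """Return the posture score of a node in the tenant hierarchy.

    A node is either a leaf score (int or None) or a dict of child name -> node.
    A parent takes the lowest known score among its children.
    """
    if not isinstance(node, dict):
        return node
    child_scores = [s for s in (propagate(c) for c in node.values()) if s is not None]
    return min(child_scores) if child_scores else None


# Constructed hierarchy: tenant -> app suite -> account -> application,
# using the page's Microsoft 365 figures plus a suite with no findings.
TENANT = {
    "Microsoft 365": {
        "My Account": {"Defender": 91, "Sharepoint": 62, "OneDrive": 76},
    },
    "Salesforce": {"Production": {"Salesforce": None}},  # no findings -> Unknown
}

if __name__ == "__main__":
    for suite, accounts in TENANT.items():
        score = propagate(accounts)
        print(f"{suite}: {score} ({posture_level(score)})")
```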
