Security controls - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR 5.x Documentation

Product: Cortex XDR
License: XDR + Cloud
Creation date: 2025-07-13
Last date published: 2026-06-11
Category: Administrator Guide

Security controls allow you to reduce visibility gaps by providing a clear, granular picture of the security mechanisms deployed in your cloud environment. This helps you go from managing inherent risk (the theoretical danger of a finding considered in isolation) to quantifying residual risk, meaning the actual danger that remains after your defenses do their job. With security controls you can move beyond counting defects and alert fatigue to a more accurate view of your risk landscape, one that takes into account the defenses you already have in place.

Before you proceed with implementation and rollout, it is important to understand the following key concepts:

  • Security control: This is the security measure or technology you have deployed, for instance, a Palo Alto Networks Next-Generation Firewall (NGFW). You can inform Cortex XDR about the existence of risk-mitigation devices or custom security controls.

  • Compensating control: This is the effectiveness of a technology against a specific finding, for instance, an NGFW's effectiveness in mitigating Log4Shell. You can specify how effective a control is at mitigating the risk of specific findings and issues, using the states Effective, Partially Effective, or Not Effective.
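The following Python sketch is an added illustration of the two concepts above; it is not Cortex XDR's own risk model or API. The mitigation factors assigned to each effectiveness state, the findings, the deployed controls and the 0-10 inherent-risk scale are all assumptions constructed for this example. It shows how compensating-control states turn inherent risk into residual risk, and how that changes which findings you would prioritize:

```python
from dataclasses import dataclass, field
from enum import Enum


class Effectiveness(Enum):
    """Compensating-control states as named in the guide."""
    EFFECTIVE = "Effective"
    PARTIALLY_EFFECTIVE = "Partially Effective"
    NOT_EFFECTIVE = "Not Effective"


# ASSUMPTION: illustrative share of risk each state removes. These numbers are
# constructed for this example and are not Cortex XDR's weighting.
MITIGATION_FACTOR = {
    Effectiveness.EFFECTIVE: 0.9,
    Effectiveness.PARTIALLY_EFFECTIVE: 0.5,
    Effectiveness.NOT_EFFECTIVE: 0.0,
}

HIGH_RISK_THRESHOLD = 7.0  # constructed cut-off on the 0-10 scale used below


@dataclass(frozen=True)
class SecurityControl:
    """A deployed security measure, e.g. an NGFW."""
    name: str


@dataclass
class Finding:
    finding_id: str
    title: str
    inherent_risk: float  # 0-10, constructed CVSS-like scale
    # control name -> how well that control compensates for THIS finding
    compensating: dict = field(default_factory=dict)


def residual_risk(finding: Finding, deployed: list[SecurityControl]) -> float:
    """Apply each deployed control's effectiveness against the finding.

    Controls combine multiplicatively on the remaining risk. A deployed
    control with no stated effectiveness for a finding is treated as
    Not Effective; a control that is not deployed is ignored entirely,
    however effective it would be on paper.
    """
    remaining = 1.0
    for control in deployed:
        state = finding.compensating.get(control.name, Effectiveness.NOT_EFFECTIVE)
        remaining *= 1.0 - MITIGATION_FACTOR[state]
    return round(finding.inherent_risk * remaining, 2)


def summarize(findings: list[Finding], deployed: list[SecurityControl]) -> dict:
    """Compare the 'count defects' view with the residual-risk view."""
    residuals = {f.finding_id: residual_risk(f, deployed) for f in findings}
    return {
        "inherent_high": sum(f.inherent_risk >= HIGH_RISK_THRESHOLD for f in findings),
        "residual_high": sum(r >= HIGH_RISK_THRESHOLD for r in residuals.values()),
        "total_inherent": round(sum(f.inherent_risk for f in findings), 2),
        "total_residual": round(sum(residuals.values()), 2),
        # what to work on first, highest residual risk first
        "priority": sorted(residuals, key=residuals.get, reverse=True),
    }


# Constructed sample inventory: two deployed controls, three findings.
NGFW = SecurityControl("NGFW")
GUARDRAIL = SecurityControl("Storage guardrail")  # hypothetical custom control
CONTROLS = [NGFW, GUARDRAIL]

FINDINGS = [
    Finding("F-1", "Log4Shell on internet-facing service", 9.8,
            {"NGFW": Effectiveness.EFFECTIVE}),
    Finding("F-2", "Publicly readable object storage bucket", 7.0,
            {"NGFW": Effectiveness.NOT_EFFECTIVE,
             "Storage guardrail": Effectiveness.PARTIALLY_EFFECTIVE}),
    Finding("F-3", "Deprecated TLS configuration", 5.0),  # nothing compensates
]

if __name__ == "__main__":
    for f in FINDINGS:
        print(f"{f.finding_id}: inherent {f.inherent_risk} -> residual {residual_risk(f, CONTROLS)}")
    print(summarize(FINDINGS, CONTROLS))
```

With both controls deployed, the Log4Shell finding drops from 9.8 to 0.98 and the bucket finding from 7.0 to 3.5, so the count of high-risk findings falls from two to zero, and the unmitigated TLS finding moves to the top of the priority list. Remove the guardrail from the deployed list and the bucket finding returns to 7.0, which is the point of recording both what is deployed and how effective it is per finding.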