# Stop Chasing Ghosts: The Strategic Case for Compensating Controls

By [Alexandre Cezar](https://www.paloaltonetworks.com/blog/author/alexandre-cezar/?ts=markdown "Posts by Alexandre Cezar") and [Brendan Powers](https://www.paloaltonetworks.com/blog/author/brendan-powers/?ts=markdown "Posts by Brendan Powers"), Feb 11, 2026

Security teams operate in a state of cognitive dissonance. One screen shows relentless vulnerabilities and rising severity scores; another shows reality: firewalls are holding, IPS is active, and custom configurations have blocked the exploit paths. This gap between what scanners see and what defenses stop creates a dangerous distortion. By relying solely on scanner visibility, teams are forced into a "theoretical emergency," chasing inflated risk scores that ignore the work of active defenses.

We must move beyond simply counting defects. This is the strategy behind the new **Security and Compensating Controls feature for Cortex Exposure Management**. It enables a paradigm shift from managing inherent risk (theoretical danger in a vacuum) to quantifying *residual* risk, meaning the actual danger remaining after your defenses do their job.

### **The Visibility Gap**

Traditional vulnerability management rewards volume over value. Scanners are diligent but myopic; they detect missing patches but ignore compensating controls, such as firewall rules or physical security measures. The result is operational chaos.

Security leaders face a scenario of seeing a critical risk score of 100 even when an NGFW rule has already neutralized the threat. This false urgency causes resource misallocation and fuels the industry's most pervasive ailment: alert fatigue. If everything is critical, nothing is.

![Fig. 1: Security and Compensating Controls dashboard displaying the inventory and effectiveness of deployed defenses.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/02/word-image-352217-1.jpeg)

Fig. 1: Security and Compensating Controls dashboard displaying the inventory and effectiveness of deployed defenses.

### **Bringing Intelligence to the Table**

Our new architecture separates a control's *existence* from its *effectiveness*. It uses a two-dimensional model accounting for:

* **Security Controls:** The technology itself (e.g., an NGFW or XDR agent).
* **Compensating Controls:** The specific mitigation action (e.g., blocking an exploit).

Cortex Exposure Management validates effectiveness through both automated and manual methods. It automatically infers risk mitigation for supported products while also providing a system for human attestation. This allows analysts to explicitly define controls and verify their effectiveness against specific findings, transforming the platform into a comprehensive system of record.

![Fig. 2: Vulnerability detail interface showing the manual attestation of compensating controls.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/02/screenshot-2025-12-05-at-12-01-38-jpg.jpeg)

Fig. 2: Vulnerability detail interface showing the manual attestation of compensating controls.

### **From Ticket-Takers to Risk Managers**

The strategic value of Cortex Exposure Management's Security and Compensating Controls extends far beyond cleaning up a dashboard. It fundamentally elevates the security analyst's role. No longer relegated to the reactive position of a "ticket-taker" chasing false positives, the analyst becomes a strategic risk manager capable of data-driven prioritization.

For the CISO and SOC Director, this nuance holds vital importance for two distinct reasons:

* **Optimized Operations:** By filtering out the noise of mitigated risks, teams can focus finite resources on the genuine, unmitigated threats that actually require patching.
* **Empowered Decision Making:** Security controls translate technical obscurity into business logic. Leadership can now justify security budgets by demonstrating the tangible value of existing investments and make informed decisions on strategic risk acceptance based on accurate residual scores.

### **A New Source of Truth**

If a firewall rule, prevention policy, or segmentation control already breaks the exploit path, your vulnerability list should reflect that reality. Cortex Exposure Management's Security and Compensating Controls lets you validate mitigation, capture attestation, and prioritize only the exposures that remain truly reachable.
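To make the inherent-versus-residual distinction and the two-dimensional model concrete, here is an added Python sketch; it is not code from this post or from Cortex Exposure Management, and it does not reproduce the product's scoring. It models a security control (the technology), a compensating control (the mitigation action that control applies to one finding), automated inference versus human attestation, and the rule that a control lowers a score only once its effectiveness against that finding has been verified. The control names, findings, reduction factors, multiplicative stacking and the 50-point patch threshold are all constructed assumptions.

```python
"""Toy residual-risk model: inherent score, two-dimensional controls, attestation.

Added illustration only. Not Cortex Exposure Management's scoring logic; every
name, reduction factor and finding below is constructed for the example.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SecurityControl:
    """First dimension: the technology itself (e.g. an NGFW or an XDR agent)."""
    name: str
    kind: str  # constructed label such as "ngfw", "xdr", "segmentation"


@dataclass
class CompensatingControl:
    """Second dimension: the specific mitigation action applied to one finding."""
    control: SecurityControl
    finding_id: str
    action: str              # what the control does to the exploit path
    reduction: float         # assumed fraction of exploitability removed, 0.0..1.0
    source: str              # "inferred" (automated) or "attested" (human)
    attested_by: Optional[str] = None
    verified: bool = False   # effectiveness confirmed against this finding

    def __post_init__(self):
        if not 0.0 <= self.reduction <= 1.0:
            raise ValueError("reduction must lie within [0, 1]")
        if self.source == "attested" and not self.attested_by:
            raise ValueError("an attested control needs an owner for the audit record")


@dataclass
class Finding:
    finding_id: str
    asset: str
    inherent_score: int      # scanner's view, 0..100, before any control is weighed


def effective_controls(finding: Finding, controls: List[CompensatingControl]):
    """A control counts only if it targets this finding AND is verified.
    An attested-but-unverified control records existence, not effectiveness."""
    return [c for c in controls if c.finding_id == finding.finding_id and c.verified]


def residual_score(finding: Finding, controls: List[CompensatingControl]) -> int:
    """Inherent score scaled by the exploitability left after each verified control.
    Independent controls are assumed to stack multiplicatively."""
    remaining = 1.0
    for c in effective_controls(finding, controls):
        remaining *= 1.0 - c.reduction
    return round(finding.inherent_score * remaining)


def prioritize(findings, controls, patch_threshold: int = 50):
    """Residual-ranked worklist with the attestation trail behind each score."""
    rows = []
    for f in findings:
        score = residual_score(f, controls)
        trail = [f"{c.control.name}: {c.action} [{c.source}"
                 + (f" by {c.attested_by}" if c.attested_by else "") + "]"
                 for c in effective_controls(f, controls)]
        rows.append({"finding": f.finding_id, "asset": f.asset,
                     "inherent": f.inherent_score, "residual": score,
                     "needs_patch": score >= patch_threshold, "controls": trail})
    return sorted(rows, key=lambda r: r["residual"], reverse=True)


def build_sample():
    """Constructed inventory: four findings, three technologies, four mitigation actions."""
    ngfw = SecurityControl("Edge NGFW", "ngfw")
    xdr = SecurityControl("Endpoint XDR", "xdr")
    seg = SecurityControl("DC segmentation", "segmentation")
    findings = [
        Finding("F-001", "web-01", 100),   # scanner says 100; NGFW rule already blocks it
        Finding("F-002", "app-02", 85),    # nothing mitigates this one
        Finding("F-003", "db-03", 90),     # two verified controls stack
        Finding("F-004", "hr-04", 95),     # control attested but not yet verified
    ]
    controls = [
        CompensatingControl(ngfw, "F-001", "IPS signature drops exploit traffic",
                            0.9, "inferred", verified=True),
        CompensatingControl(seg, "F-003", "no route from user VLANs to db-03",
                            0.6, "attested", attested_by="a.analyst", verified=True),
        CompensatingControl(xdr, "F-003", "prevention policy blocks the payload",
                            0.5, "inferred", verified=True),
        CompensatingControl(seg, "F-004", "segmentation claimed, pending validation",
                            0.8, "attested", attested_by="b.analyst", verified=False),
    ]
    return findings, controls


def run_report():
    findings, controls = build_sample()
    return prioritize(findings, controls)


if __name__ == "__main__":
    for row in run_report():
        flag = "PATCH" if row["needs_patch"] else "accept"
        print(f"{row['finding']} {row['asset']:7} inherent={row['inherent']:3} "
              f"residual={row['residual']:3} {flag}  {'; '.join(row['controls'])}")
```

The worklist that comes out is the point of the post in miniature: F-001 drops from a "critical" 100 to a residual 10 because a verified, inferred NGFW action breaks the path, F-004 stays at 95 because its segmentation control exists on paper but has not been verified, and only the genuinely unmitigated findings cross the patch threshold. Each row also carries the trail of who attested what, which is what makes the residual number defensible in front of leadership.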
**Book a [personalized demonstration](https://www.paloaltonetworks.com/cortex/request-demo?utm_source=google-jg-amer-cortex-socf-siem&utm_medium=paid_search&utm_campaign=google-cortex-xsiam-amer-multi-lead_gen-en-brand&utm_content=7014u000001eFwiAAE&utm_term=xpanse&cq_plac=&cq_net=g&gad_source=1&gad_campaignid=21711491258&gbraid=0AAAAADHVeKlv3WUKgSrcGmHe27tmGZETM&gclid=EAIaIQobChMIo-ar77WQkAMVZyGtBh32dTtlEAAYASABEgKI8fD_BwE) to see how quickly you can cut false urgency, accelerate patch focus, and report residual risk with credibility.**