Dawn Jurek
ServiceNow Employee

How are you responding to and remediating vulnerabilities on your network? Are you confident that you're finding and remediating critical vulnerabilities in a timely fashion? If your answer is "No," you're not alone. The typical enterprise response to vulnerabilities can be haphazard and chaotic. But there's a better way. 

In this installment of our NOWSupport best practices series, we provide a primer on Vulnerability Response within ServiceNow, and provide you with resources to learn more.

Be sure to check out our Vulnerability Response Overview video below from our NOWsupport YouTube channel, for more detailed info about how the Vulnerability Response application works on the ServiceNow platform.

 

To understand Vulnerability Response, you need to understand a few key concepts, so let's start by defining some terms. 

Vulnerability Response definitions

  • Hosts - Computers on the network.
  • Vulnerabilities - Records of security checklist references, security-related software flaws, misconfigurations, product names and impact metrics, downloaded from the National Institute of Standards and Technology (NIST) and third-party vulnerability data producers.
  • Detections - Vulnerable items on the network; in other words, hosts with a vulnerability. 

Typical enterprise response vs. ServiceNow response to vulnerable items

Now let's look at two different approaches to resolving vulnerable items. They both start with scanners and/or security software checking the network and flagging hosts, detections, and vulnerabilities, resulting in a data dump of information that must be analyzed, prioritized, and remediated. 

As you can see in the infographic below, the way this data is handled via the typical enterprise response is very different from the ServiceNow response.

On the ServiceNow platform, the Vulnerability Response application automates the process, and works with these other applications to remediate vulnerabilities:

  • Configuration Management Database (CMDB) application - The Vulnerability Response application compares the scan data with the Configuration Items (CI) in the CMDB, and prioritizes remediation for critical items. This also narrows the list of vulnerabilities by identifying redundant detections in the scans; in other words, detections that apply to the same host and can be fixed with one patch.
  • Change Management application - By grouping vulnerable items into Vulnerability Groups based on criteria you define, you can create one change request to remediate one or more groups. After the change request is completed by the assigned group or user and set to the Resolved state, it won't move to the Closed state until a subsequent scan reports that all vulnerable items included in the group are remediated.
  • Governance, Risk, and Compliance (GRC) - Each step in the Vulnerability Response process is completed and documented in the ServiceNow platform, so it dovetails perfectly with GRC, making it audit friendly.
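The correlation, grouping and closure behavior described above can be modeled in a few lines of Python. This is an added example, not ServiceNow code: the field names, sample hosts, `VULN-*` identifiers, the group-by-patch criterion and the handling of hosts missing from the CMDB are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample data; names are illustrative, not ServiceNow tables or columns.
CMDB = {"web01": "critical", "db01": "critical", "kiosk7": "low"}
SCAN_1 = [  # (host, vulnerability id, patch that fixes it)
    ("web01", "VULN-A", "patch-1"),
    ("web01", "VULN-B", "patch-1"),   # same host, same patch: redundant detection
    ("db01", "VULN-A", "patch-1"),
    ("kiosk7", "VULN-C", "patch-2"),
    ("ghost9", "VULN-A", "patch-1"),  # host with no matching CI
]
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def vulnerable_items(scan, cmdb):
    """Match detections to CIs, collapse those one patch fixes on one host,
    and order the result by CI criticality."""
    items, unmatched = {}, set()
    for host, vuln, patch in scan:
        if host not in cmdb:
            unmatched.add(host)   # surfaced for review rather than dropped
            continue
        items.setdefault((host, patch), []).append(vuln)
    ordered = sorted(items, key=lambda k: (RANK[cmdb[k[0]]], k))
    return [(h, p, items[(h, p)]) for h, p in ordered], sorted(unmatched)

def group_by_patch(items):
    """Grouping criterion assumed here: one group per remediating patch."""
    groups = defaultdict(set)
    for host, patch, _ in items:
        groups[patch].add(host)
    return dict(groups)

@dataclass
class ChangeRequest:
    patch: str
    hosts: set
    state: str = "Open"

    def resolve(self):
        self.state = "Resolved"

    def apply_rescan(self, scan):
        """Close only if Resolved and no grouped host is still detected."""
        still = {h for h, _, p in scan if p == self.patch and h in self.hosts}
        if self.state == "Resolved" and not still:
            self.state = "Closed"
        return sorted(still)
```

A rescan that still reports any host in the group leaves the change request in Resolved, which is the check that stops a ticket from being closed on the assignee's word alone.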

 


 

For more information

Be sure to check out our Customer Success Center, where you can find best practices for Security Operations, and more.

Vulnerability Response (product documentation)

ServiceNow Vulnerability Response (white paper)

Automate Vulnerability Remediation Using Tenable and ServiceNow (solution brief)

Accelerate Efficiency: The Three Pillars of Security Response (response brief)

2017 State of Security Incident Response (infographic)

The Total Economic Impact of ServiceNow Security Operations (infographic)

 

--

 

Behind the scenes here at ServiceNow, the Knowledge Management and Multimedia teams work closely with subject matter experts to disseminate critical information to our customers. We've found that certain topics come up frequently, in the form of best practices that can help you keep your ServiceNow instances running smoothly. This series targets those topics so that you and your organization can benefit from our collective expertise. If you have a best practices topic you'd like us to cover in this series, please let us know in the comments below.

 

To access all of the blog posts in this series, see our NOWSupport best practices series list.
