How We Helped Our Client Achieve a 96% Overall Compliance Score With ServiceNow SecOps Transformation

Our client is a leading sterile compounding partner who manufactures a broad range of product portfolios, including syringes, IV bags, CADD cassettes, PCA vials, monoject barrel syringes, and pharmacy bulk bag packages. They offer hospital-ready & sterile medicines to physicians and patients on demand.

96%

Increase in overall compliance score

54%

Slashed false positive & vulnerability exceptions processing time

4x

Faster mean time to response (MTTR)

NextCare Anywhere

Industry

Healthcare

Service

ServiceNow SecOps - Transformation

Tech Stack

ServiceNow, Vulnerability Response, Workspace, Tenable.io

Challenge: Streamlining vulnerability management process with ServiceNow OOTB

The client used ServiceNow for security operations (SecOps). They faced numerous challenges in their vulnerability management process, leading to errors, delays, and a lack of automation.

Implementation complexity: The client previously engaged a partner to customize the Vulnerability Response (VR) application. Due to improper implementation, the application could not keep up with the latest ServiceNow features and upgrades, significantly impacting their vulnerability management process.

Custom solution for vulnerability tracking: The client implemented custom workflows in the Problem Management application to track the vulnerability remediation process. However, multiple customizations hindered the adoption of new ServiceNow upgrades, adding further complexity to the process.

Outdated Tenable integration plugins: In addition to these challenges, the integration between their existing systems and Tenable (vulnerability scanning software) plugins had become outdated and disjointed. This resulted in stale records and duplicate entries.

The client sought a team of experts to address these challenges and implement a future-proof SecOps framework.

Solution: Transforming vulnerability management with ServiceNow SecOps

We analyzed their legacy ServiceNow SecOps implementation and organizational model. We then collaborated with key stakeholders to highlight the benefits of migrating to the ServiceNow baseline version and devised a strategic solution.

Streamlining vulnerability management application: We eliminated the majority of the custom fields developed for the integration of Tenable and ServiceNow. Then, we configured rule-based workflows for vulnerability exceptions & false positives to accelerate the remediation process.

  • Exception workflows shift the vulnerabilities of outdated assets to the exception list after a single-level approval. This automation reduced manual interventions and remediation efforts.
  • The false positive workflow identifies false hits and pushes them directly to the closed state, reducing the workload for cyber analysts.

Enhancing vulnerability tracking and task management: To enable smoother task management and remediation traceability, we deprecated the customized integration of the Problem Management and VR applications. Instead, we implemented remediation task rules within the VR application using ServiceNow’s out-of-the-box solution. This configuration helped to track vulnerabilities, group and assign records to competent analysts, and ensure hassle-free adoption of ServiceNow upgrades.

Migration to ServiceNow plugins: We migrated the outdated Tenable integration plugins to ServiceNow plugins. With these plugins, we seamlessly integrated ServiceNow and Tenable data, without any data anomalies or compliance risks.

Precise vulnerability mapping and asset inventory management: We configured the Identification and Reconciliation Engine (IRE) and Configuration Item (CI) lookup rules to map the vulnerability data to the right assets.

  • If Tenable data matches existing asset entries in the CMDB, the configured CI lookup rules map the corresponding vulnerability data to those assets.
  • If not, the IRE rules gather the new asset's details, classify its category, and create a new entry in the CMDB. The vulnerability data is then associated with the new asset entry. This helped in precise and accurate asset inventory management.

Persona-specific workspace migration: To enrich the user experience, we additionally developed persona-specific workspaces for managers and cyber analysts. We transformed the legacy UI to the Workspace UI, enhancing visibility and simplifying day-to-day security operations.

To ensure a successful ServiceNow SecOps adoption, we delivered comprehensive training for the client’s in-house SOC team to help them navigate and excel in the baseline version.

Benefits: Achieving an efficient vulnerability management process

  • 54% reduction in false positive and vulnerability exception processing time, saving valuable resources and effort.
  • 4x faster vulnerability remediation time, enabling efficient handling of security risks.
  • The client’s overall compliance score reached 96% by adhering to baseline features.
  • The client gained a holistic view of infrastructure vulnerabilities, leading to smarter decision-making and response strategies.

“The best part of this engagement is that the client extended our collaboration for phase 2 enhancements and support.”

Unlock the full potential of ServiceNow SecOps by partnering with us

Whether you are facing various security challenges or aiming to optimize your vulnerability management process, we have the expertise to tackle them head-on.

Our experts at zeb will work closely with your team, understand your specific needs and provide fitting solutions that will enhance your security operations.

Partner with us to embark on the transformation journey.
