ServiceNow comes to ThreatWatch

by Ketan Nilangekar

Overview

A recent study reported that it took organizations an average of 197 days to spot a breach and 69 days to remediate it 1. That is a mind boggling 6 months to detect a potentially disastrous event that could have grave consequences to the future of the organization. Manual steps to track vulnerabilities added 12 days on average to coordinate responses across security and IT 1. Coordination across teams was also cited as the top incident response challenge in another study 2.

These challenges requires a combination of solutions that can effectively reduce the window of compromise by:

  • Using cutting edge vulnerability intel
  • Interfacing with a powerful asset discovery and management solution for up-to-date information on the attack surface
  • Applying the vulnerability intel to the assets in real-time to identify impacts
  • Disseminating the vulnerability intel and impact information to relevant parts of the organization via tickets

Keeping these factors in mind, ThreatWatch now has the ability to integrate with ServiceNow for asset discovery and ticketing. This is a winning combination for users who want to realize more ROI on their ServiceNow investment and leverage it for IT Security and Vulnerability Management. This also simplifies and enhances existing vulnerability management programs by bringing in the zero-touch, no-scan approach provided by ThreatWatch.

Asset Discovery Integration with ServiceNow

A new ServiceNow discovery plugin is now available with ThreatWatch which allows users to point their ThreatWatch instance to a ServiceNow instance which is also acting as a CMDB/Asset Database. This plugin can then be run on demand or on a schedule to discover assets and their associated software/hardware metadata that ThreatWatch needs for vulnerability impact assessment.

Once the assets are imported in ThreatWatch, the impact assessments are essentially a zero-touch effort with no intrusive scans required. Impacts are detected in near real-time and notified as per users preferences. Users also have the option of retroactive impact assessments in case there are significant changes in the asset database.

Ticketing with ServiceNow

ServiceNow tickets or incidents are a great way to communicate critical actionable security events to members of the IT security organization. Security teams are constantly looking out for information about threats, exploits, remediations, workarounds, patches and potential impacts to assets. The sooner this information is relayed to the security team, the better is the chance that the assets will be secured before they can be exploited.

The ServiceNow ticketing plugin in ThreatWatch allows users to point ThreatWatch to a ServiceNow instance and file incidents either when new vulnerabilities are discovered or when assets are determined to be impacted by a vulnerability.

Tickets are created to have all the information regarding the vulnerability, its impact on assets, available exploits, patches etc. Updates to vulnerabilities or assets are automatically recorded in the tickets. ThreatWatch also keeps a record of the tickets filed to potentially allow users to quickly view them in the ServiceNow console.

To sum up

Recent offerings from ServiceNow include the ServiceNow Security Operations which promise to make your security teams more efficient when responding to events. This means that security teams spend less time on manual tasks. The orchestration features offered by ServiceNow Security Operations will need to be augmented by real-time vulnerability intel and impact analysis to close the gap and build intelligent workflows from detection to remediation. Better connected IT and security teams will ensure the window of compromise is further reduced, vulnerability response times are improved and breaches are prevented.

The ServiceNow integration can now enable ThreatWatch be the tip of the spear for IT security teams to run effective vulnerability management programs by leveraging ServiceNow asset management and ticketing capabilities. This allows organizations to get better ROI from their ServiceNow investment as well as implementing fast, effective and automated proactive security in your organization.

To learn more, visit https://threatwatch.io

 

 

Disclaimer: All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

 

1 Ponemon Institute, Today’s State of Vulnerability Response: Patch Work Requires Attention. March 2018
2 Enterprise Strategy Group, Status Quo Creates Security Risks: The State of Incident Response. February 2018

Leave a Reply

Your email address will not be published. Required fields are marked *