The Vulnerability Response module within ServiceNow imports vulnerable items and automatically groups them according to group rules. This allows organizations to remediate vulnerabilities quickly. Data containing vulnerabilities is pulled from internal as well as external sources, such as the National Vulnerability Database (NVD) or third-party integrations. An integration of these applications delivers security to your IT department, increases the speed and efficiency of responses, and gives you a definitive view of your security posture. Below is the standard Vulnerability Response flow provided by ServiceNow:
- Integrating the Vulnerability scanner
- Support available from multiple sources
- Prioritizing the vulnerabilities
- Creating change requests and coordinating the remediation plan
- Confirming the vulnerability resolution
Security Incident Response:
The Security Incident Response (SIR) module delivers sound tracking of security incidents from discovery and initial analysis, through containment, eradication, and recovery, and into the final post-incident review, knowledge base article creation, and eventually closure. It also gives us an inclusive understanding of the incident response process followed by the team of analysts and helps us understand the bottlenecks in the procedures through analytics-driven dashboards and reporting.
- Discovering the Security Incident (SI)
- Analyzing the SI
- Containing, Eradicating and Recovering the SI
- Reviewing the results
The Change Management module in ServiceNow provides a user interface (UI) for analytically controlling the life cycle of all changes and facilitating beneficial changes to be made with minimum disruption to IT services. The Vulnerability Response plugin has now been integrated with the Change Management module, introducing extra functionality within Change Management. There are three types of change requests:
- Normal: These change requests follow a prescriptive process requiring two levels of approvals before being implemented, reviewed, and closed. A full range of assessments and authorizations, such as peer or technical approval, change management, and Change Advisory Board (CAB) authorization, is required for Normal changes to ensure minimum disruption to IT services.
- Standard: A Standard change is frequently implemented, has repeatable implementation steps, and has a proven history of success for the past 6 months or a year. Since Standard changes are pre-approved, they follow a streamlined process in which group-level or peer approval and CAB authorization steps are not required.
- Emergency: These types of changes must be implemented as soon as possible. Emergency changes are usually used for resolving a major incident or implementing a security patch. Due to the criticality of the change, it is treated as high priority: it bypasses group and peer review and approval and goes directly to the authorization state for CAB approvals.