What’s new in the store for Software Asset Management – November Release

Software Asset Management enhances Vulnerability Response exposure assessments

In today's rapidly evolving cybersecurity landscape, a robust security posture is imperative. To fortify this, we merge vulnerability response management with software asset management. You can enhance your security posture by harnessing multi-discovered and normalized software data in your vulnerability response workflows. With ServiceNow Software Asset Management and Vulnerability Response, you can:

• Identify vulnerable software by utilizing normalized software asset data from various discovery sources.
• Schedule exposure assessments for ongoing identification of affected software, streamlining remediation through automated workflows.
• Experience faster turnaround times in addressing 0-day asset exposures.

Access the exposure assessment in multiple dashboards.

These assessments, supported by automated workflows, expedite the prompt remediation of identified vulnerabilities. Technical users can access the exposure assessment functionality through either the new vulnerability assessment workspace or the vulnerability manager workspace, provided they have installed the vulnerability emergency response plugin, along with prerequisites such as NVD and CISA integration.

The exposure assessment can use either the normalized software data from Software Asset Management Professional or Enterprise or the non-normalized data from discovered software data stored in the CMDB. However, the normalized data from Software Asset Management will give you the following advantages:

• CPE matching with normalized discovery model – Increases accuracy using CPE/software with the normalized discovery model data (normalized publisher, normalized product, normalized version, normalized edition, key, and display name), improving the reliability of exposure assessment results. 
• Increased probability for discovery model identification – Enhances the probability of capturing a comprehensive view of software assets exposed to vulnerable software.
• Reduced false positives – The integration of normalized discovery data from Software Asset Management (Professional or Enterprise) sets up a more accurate match, reducing the likelihood of mistakenly flagging non-existent software instances. 

Create or add CVE to do your exposure assessment.

In summary, the integration of software asset and vulnerability response management reinforces cybersecurity. The exposure assessment employs normalized software data for swift vulnerability identification, automates assessment processes, and enhances overall security resilience.