Complete Vulnerability Automation

sean_convery · ‎03-16-2017

I've been spending a lot of time talking to customers over the last few weeks and I've heard a ton of great use cases for our Security Operations product. Let me share a great one right now. If you've been sitting on the sidelines as Enterprise Security Response has moved from concept to reality, this may come as a bit of a shock. We have a customer doing this in production today. You may want to sit down.

Here's what it looks like:

1. Vulnerability Scan kicks off via automated trigger from ServiceNow using Tenable, Qualys, Rapid7, etc..

2. Scan results are automatically attached to the asset repository maintained by IT.

3. Based on pre-defined rules--using both the criticality of specific vulnerabilities and the value of the asset / service affected--automatically create tasks for IT with specific SLAs to remediate the discovered vulnerabilities.

4. IT can then either trigger automatic patching for certain assets, conduct manual patching for others, and incorporate whatever test and validation procedures they require. All of this is part of a common vulnerability and patching workflow.

5. When the patch is marked complete by IT, security is notified and an automatic targeted re-scan is triggered by ServiceNow.

6. Assuming the vulnerability is addressed, the workflow concludes and a complete audit trail of the entire process is recorded, automatically.

7. All of this rolls up into high-level dashboards that highlight average time to remediate by specific criticality categories with overall SLA compliance trended over time. No more finger pointing, now IT and security have the data.

Zero people are involved at all from the security team beyond setting up the initial policies and workflow and reviewing the dashboards at the end. Let me say that again as you probably weren't prepared to read it: zero people are involved at all from the security team once the environment is setup.

And IT staff (worst case) get involved at step 4 only for any system that requires manual patching.

When our marketing department talks about working at light speed, this is what they mean. Complete automation, total visibility, available from ServiceNow today.

Boom.