With the 2024 Washington D.C. release come various exciting updates to our Security Operations offering. Notably, the introduction of Security Posture Control to our suite of applications.
Security Posture Control
Security Posture Control helps organizations address the question "what assets do we need to protect?". This new product offers Asset Security Posture Management, providing visibility into security tool coverage gaps such as missing endpoint protection agent or missing configuration, on enterprise assets including on-prem devices and cloud based virtual machines. Customers using Security Posture Control and Vulnerability Response together enable Vulnerability Managers to define remediation targets and risk scores for vulnerabilities based on policy violation data from Security Posture Control. For example, assets missing endpoint protection or internet facing cloud assets missing critical security tools, can be automatically prioritized for vulnerability remediation/patching.
EPSS scoring integration
ServiceNow's Vulnerability Response Exploit Prediction Scoring System (EPSS) provides a fundamentally new capability for efficient, data-driven vulnerability management. It’s a data-driven effort that uses current threat information from CVE and real-world exploit data. The EPSS model produces a probability score between 0 and 1 (0 and 100%), where the higher the score, the greater the probability that a vulnerability will be exploited. Asset owners should consider many other aspects of the vulnerability, their network, the asset, and so on before making a final decision to remediate or delay remediation.
Cybersecurity Executive Dashboard
Updates to the Cybersecurity Executive Dashboard enable users to improve security posture by using key indicators to track goals. This dashboard helps CISOs benchmark security and risk metrics to report wins and support budget and planning, as well as gain early visibility into high priority vulnerability impact.
Vulnerability Crisis Management
As a centralized solution for critical event management, Vulnerability Crisis Management allows vulnerability teams to dig deeper into the life cycle of critical events using MSIM and Asset Exposure Assessment. Using this dedicated workspace, users can more simply calculate the risk for critical events.
MSIM updates
With Washington D.C., Major Security Incident Response sees important enhancements to support conference calling in MSIM for MS Teams, Zoom, and Webex. Using a framework in the ServiceNow platform, MSI managers see an easier process initiating calls with their key stakeholders to determine whether a security incident is major. Customers will be able to select who to invite to the call, and invitees will be notified via Teams notification for Teams calls, and via email for Zoom and Webex.
Security Incident Response Playbooks
As part of both SIR standard and professional, Washington D.C. reveals eight new security incident response playbooks for some of the most common security incident types. These playbooks can be used directly out of the box, modified as needed to fit a specific use case, or used as a template for creating an entire new playbook for that type of incident.
