Operational Technology Vulnerability Solution Management

  • Release version: Yokohama
  • Updated January 30, 2025

    Starting from the Xanadu version, Operational Technology (OT) Vulnerability Solution Management is a feature available within the Operational Technology Vulnerability Response application.

    Security and IT teams often spend significant time and effort researching vulnerability findings and identifying the most effective solutions for their environment. In large organizations, translating vulnerability findings into remediation tasks is a manual, tedious, and error-prone process because of the volume and complexity of the vulnerabilities.

    OT Vulnerability Solution Management automatically correlates the vulnerability findings in your environment with possible solutions that remediate them. You can identify the remediation actions that apply to your vulnerabilities and prioritize them by the severity of the vulnerability risk. Also, you can mitigate the risk posed by vulnerabilities that cannot be patched immediately by using compensating controls for OT. For more information, see Use compensating controls for Operational Technology.

    The OT Vulnerability Solution Management feature is based on the feature available in the Vulnerability Response application. For more information on Vulnerability Solution management, refer to Vulnerability Solution Management.

    OT Vulnerability Solution Management supports the generic format for solution intelligence integration. The generic framework for solution intelligence integration ingests data in different file formats from solution vendors. These formats speed up information exchange and processing. They also improve the sharing of critical security-related information in a standardized reporting format. The supported file format is the Common Security Advisory Framework (CSAF), which is an open-source standard that provides JSON-based structured, machine-readable security advisories. Major vendors such as the Cybersecurity & Infrastructure Security Agency (CISA), Siemens, Hitachi, Schneider Electric, and others support the CSAF format.

    CSAF-supported solution management includes the following key features:
    • Configuration through Setup Assistant. For more information, see Configure vulnerability solution providers.
    • Support for importing CSAF data through file import. For more information, see Import Common Security Advisory Framework data through file import.
    • Support for importing CSAF data through a CSAF URL. For more information, see Import Common Security Advisory Framework (CSAF) data through CSAF URL. OT Vulnerability Solution Management enables you to import CSAF data from:
      • Individual vendors that support the CSAF format and have a CSAF URL ROLIE Feed. You can use the CSAF URL ROLIE Feed provided by the vendor to import the CSAF data. For example, the Siemens URL ROLIE Feed.
      • CSAF Aggregators or Trusted Providers through a URL import that supports the ROLIE Feed. You can import CSAF data of multiple vendors from a Trusted Provider. For example, CISA is a Trusted Provider, and you can import CSAF data of multiple vendors from the Industrial Control System (ICS) CSAF advisories located in CISA's GitHub CSAF repository. These vulnerability solutions are automatically mapped to the correct vendor and vulnerable items (VITs) based on the Common Vulnerabilities and Exposures (CVEs). Using a Trusted Provider reduces the time and effort required to import CSAF data from individual vendors' CSAF URLs.
    • Support for importing CSAF data through advisories or by using the APIs. For more information, see Import Common Security Advisory Framework data from advisories.
    Note:
    Navigate to All > Vulnerability Response > Solutions > All to view the list of solutions you have imported using the preceding methods.

    The Vulnerability Response plugin takes care of updating the metrics statuses of the created solution.
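
The CVE-based mapping and severity prioritization described above can be illustrated with a short script. This is an added example, not ServiceNow code and not how the plugin is implemented: the advisory, CVE IDs, asset names, and the functions `index_solutions` and `correlate` are constructed for illustration, and only standard CSAF 2.0 field names are used.

```python
import json

# Constructed CSAF 2.0 advisory (not a real advisory); only the fields used below.
SAMPLE_CSAF = json.loads("""
{
  "document": {"publisher": {"name": "Example Vendor"},
               "tracking": {"id": "EX-SA-0001"}},
  "vulnerabilities": [
    {"cve": "CVE-0000-0001",
     "scores": [{"cvss_v3": {"baseScore": 9.8}, "products": ["P1"]}],
     "remediations": [
       {"category": "vendor_fix", "details": "Update to V2.1", "product_ids": ["P1"]}]},
    {"cve": "CVE-0000-0002",
     "scores": [{"cvss_v3": {"baseScore": 5.3}, "products": ["P1"]}],
     "remediations": [
       {"category": "mitigation", "details": "Restrict network access", "product_ids": ["P1"]}]}
  ]
}
""")

# Constructed vulnerable items (VITs): asset name plus the CVE found on it.
SAMPLE_VITS = [
    {"asset": "plc-line-3", "cve": "CVE-0000-0002"},
    {"asset": "hmi-packaging", "cve": "CVE-0000-0001"},
    {"asset": "rtu-substation", "cve": "CVE-0000-0003"},
]

def index_solutions(csaf):
    """Map each CVE in a CSAF document to vendor, highest CVSS v3 score and remediations."""
    vendor = csaf["document"]["publisher"]["name"]
    advisory = csaf["document"]["tracking"]["id"]
    index = {}
    for vuln in csaf.get("vulnerabilities", []):
        cve = vuln.get("cve")
        if not cve:  # entries without a CVE cannot be matched by CVE
            continue
        scores = [s["cvss_v3"]["baseScore"] for s in vuln.get("scores", []) if "cvss_v3" in s]
        fixes = [(r["category"], r["details"]) for r in vuln.get("remediations", [])]
        index[cve] = {"vendor": vendor, "advisory": advisory,
                      "score": max(scores, default=0.0), "remediations": fixes}
    return index

def correlate(vits, index):
    """Attach solutions to VITs by CVE; highest severity first, unmatched VITs last."""
    rows = [{**vit, **index.get(vit["cve"], {"score": None, "remediations": []})} for vit in vits]
    return sorted(rows, key=lambda r: (r["score"] is None, -(r["score"] or 0.0)))

if __name__ == "__main__":
    for row in correlate(SAMPLE_VITS, index_solutions(SAMPLE_CSAF)):
        print(row["asset"], row["cve"], row["score"], row["remediations"])
```

VITs whose CVE has no imported solution sort last with an empty remediation list. A `mitigation` or `workaround` entry is the kind of remediation that corresponds to a temporary control rather than a patch.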