In a time where digital innovation and technology evolution continue to move forward at light speed, it is becoming increasingly necessary for organisations to improve their cyber resilience and security posture. As organisations continue to invest in technology to improve ways of working and drive efficiencies, platforms like ServiceNow are helping to connect a complex ecosystem of cyber security toolsets to support effective management of vulnerabilities and security incidents.

The two most prevalent capabilities in ServiceNow that are seeing increasing adoption in the market are the Vulnerability Response and Security Incident Response applications. These capabilities integrate with a variety of enterprise capabilities (Qualys, Tenable, Rapid7, etc.) to help track, manage, respond to and remediate vulnerabilities and cyber security incidents in pre-defined workflows within ServiceNow.

The Cyber Security capabilities in ServiceNow rely heavily on a mature Configuration Management Database (CMDB) to enrich vulnerabilities and cyber incidents with context, helping to improve mean-time-to-resolve. For one of AC3’s ServiceNow customers, when the Log4j vulnerability was detected in December 2021, the customer was able to assess the scale and impact within four hours, at 96% accuracy. As this scenario played out, it provided a great deal of confidence and validation for the investment in maturing and maintaining a robust CMDB, because of how beneficial it was in assessing the risk and impact of the vulnerability. It was a true sign of how ServiceNow was at the centre of helping to maintain and underpin digital resilience.

Some of the key benefits of bringing delivery components associated with Cyber Security into ServiceNow within the Security Operations suite are the ease with which delivery teams can be engaged to participate in remediation, and the associated reporting that helps to govern the underlying processes. The capabilities help to break down silos and, when coupled with core IT Service Management (ITSM) and Governance, Risk and Compliance (GRC) capabilities, help to provide a holistic view of risks, issues, security posture, associated impacts and performance pertaining to Cyber Security.

AC3 Recommendations:

  • Ensure a mature CMDB dataset is in place before investing in Security Operations.

  • Integrate the security stack where possible and where it makes sense, to help provide a consolidated view across the technology ecosystem for Cyber Security.

  • Integrate process capabilities on-platform to help provide more holistic reporting through related lists and to aid in broader transparency across the cyber technology stack.

  • Support Cyber Security Processes with seamless integration at a process level between Major Incident Management, Incident Management, Security Operations, and Change Management. The tooling will guide how a process works, but there are people-related elements and hand-offs that require definition.

  • Be prepared for a significant volume of vulnerabilities to be identified upon enablement of the Vulnerability Response application. Define a plan prior to launch, for what will be treated and in what order.

  • Ensure platform teams and process personnel outside of Cyber Security are taken on the journey to complement the solutions being deployed.
