News



Vulnerabilities are the leading cause of data breaches, leading organizations to implement various vulnerability scanner solutions to identify the existence of vulnerabilities. However, a vulnerability scanner can return an overwhelming number of detected vulnerabilities, causing many Vulnerability Response teams to ask: How do we manage all of these?! ServiceNow uses vulnerability groups to assign individual vulnerabilities into groups so that the group can be prioritized and managed, greatly reducing the number of individual items that need to be addressed.

How Vulnerability Groups Work within ServiceNow

When a scanner identifies a vulnerability, ServiceNow pulls in that information and matches it up to the affected configuration item within the Configuration Management Database. This creates a vulnerable item. 

  • As vulnerable items are created, ServiceNow scans these in real time using easily configured rules and groups them into logically workable vulnerably groups.

  • Once the group is created, assignment rules are used to automatically assign the vulnerability group to the correct team that will resolve the vulnerabilities. 

  • At the same time, using information from the vulnerability definition and configuration item, as well as any other data available to ServiceNow, the vulnerability group is automatically prioritized and given a risk score. This gives us insight into what poses the highest risk to the organization and allows us to prioritize resolution appropriately. 

  • Once a team is assigned the vulnerability group, they can easily work on resolving all the grouped vulnerabilities in one place. From the vulnerability group, it is easy to perform actions such as create a change request, defer the vulnerability, or even automate patching of the affected systems.

| Read More: ServiceNow Vulnerability Response: A Closer Look at Exception Handling

Why Vulnerability Groups are Awesome


ServiceNow takes an enormous amount of data identified by a vulnerability scanner and automatically groups them together. It then prioritizes their risk level and assigns the groups to teams. Using vulnerability groups, organizations can take the hundreds of thousands (or millions) of vulnerabilities that may be discovered by a scanner and reduce the time to resolve these from weeks (or months) into days (or even hours!). By automating the manual process of interpreting each individual vulnerability and grouping them together, ServiceNow saves organizations time and money. For more information about vulnerability groups, watch the above video.

Need Help with Vulnerability Response?

No matter where you are on your maturity journey, Cerna Solutions has you covered when it comes to handling vulnerabilities on the ServiceNow platform. Recognized as a ServiceNow "Elite" partner, we are a team of 100% US-based ServiceNow professionals who specialize in ServiceNow Vulnerability Response. Our approach to Security Operations has earned us a repeat customer rate of 91%, and a customer satisfaction score of 9.7/10. Learn more about our ServiceNow Security Operations offerings, or contact us for more information.




Updated: Apr 21


Your security team can save time by automating manual processes within ServiceNow. Power-up ServiceNow’s vulnerability response capabilities by integrating Qualys or your other vulnerability scanners. 

Vulnerability Rescan (or Closed Loop Validation)


ServiceNow leverages integrations with vulnerability response scanners such as Qualys, Repid7, and Tenable to validate the remediation of found vulnerabilities that have been marked as resolved in ServiceNow. This automation assures that vulnerabilities are tracked until they are no longer present and provides swift feedback to remediation teams when patching activities fail, assuring quick resolution.

The Rescan Process

Once a vulnerable item or group is identified as being resolved, the system automatically creates a scan request to the source vulnerability scanner (Qualys for the purposes of this post) to scan the identified asset. Once the scan is complete, the results are returned to ServiceNow and the vulnerability is updated:

  1. If the scanner found the vulnerability to be resolved, the vulnerable item or vulnerable group is transitioned automatically by ServiceNow to the closed state. 

  2. If it is unresolved, it is moved back to the open state.

The Rescan is triggered, when the vulnerable item or vulnerable group is placed into the resolved state, the state lifecycle can be seen below.


Using ServiceNow as the command center for Vulnerability Response and Qualys as the example vulnerability scanner, this video brings the process of rescanning to life. 

Need Help with Vulnerability Response?

No matter where you are on your maturity journey, Cerna Solutions has you covered when it comes to handling vulnerabilities on the ServiceNow platform. Recognized as a ServiceNow "Elite" partner, we are a team of 100% US-based ServiceNow professionals who specialize in ServiceNow Vulnerability Response. Our approach to Security Operations has earned us a repeat customer rate of 91%, and a customer satisfaction score of 9.7/10. Learn more about our ServiceNow Security Operations offerings, or contact us for more information.





Our Emergency Response Team has developed an Implementation Guide for ServiceNow’s Crisis Management applications to help the communities that we live in quickly respond to the COVID-19 pandemic.


About the ServiceNow Applications

The Emergency Response Operations application optimizes staff and resources to support emergency response for public agencies and other organizations.


The Emergency Outreach application provides a mechanism for employees and contingent workers with access to your ServiceNow application to report their health status.


The Emergency Exposure Management application helps identify and manage exposure risk when an employee is diagnosed with an illness.


The Emergency Self Report enables employees to report illnesses and readiness to return, and initiates workflows to help managers respond.


About the Guide

Our ServiceNow Emergency Self Report Guide provides guidance on how to get started. It assumes you have already installed the applications into an existing ServiceNow instance. For information on how to install the applications, visit the ServiceNow documentation website.






About Cerna Solutions

Founded in 2012, we are a team of 100% US-based ServiceNow experts, dedicated to revolutionizing the place of work. In these uncertain times, we are happy to donate our expertise to impacted communities. If you have a need, we are here to serve.





Start Now

Security & Risk Solutions
IT Solutions
Business Solutions
HR Solutions
Customer Solutions
CS 2020 LOGO - solutions tagline (white)

Email:    info@cernasolutions.com

Phone:  +1 844 804 6111 (US)

               +44 (20) 33254077 (UK)

  • White LinkedIn Icon
  • White YouTube Icon
  • White Twitter Icon
Company
Insight
Products
ServiceNow Services

© 2020 Cerna Solutions, Inc. All Rights Reserved. 2056 Palomar Airport Road Carlsbad, CA, 92011.