ServiceNow’s Vulnerability Response solution allows you to manage the work required to remediate vulnerabilities in your enterprise. In general, Vulnerability Response strives to address vulnerabilities as quickly as appropriate, thereby reducing risk to the IT estate and the business. Not all vulnerabilities introduce the same degree of risk or require a “drop everything and fix” response. In fact, sometimes, it is a better use of time and resources to delay the remediation of known (and low risk) vulnerabilities. But, then, how do you manage those exceptions?
The Exception Process
ServiceNow provides a straight-forward, out-of-the-box workflow that makes it easy to request a deferment on a single vulnerable item or vulnerable group (of items). Here’s how it works:
The remediation analyst (who may be a system administrator, an IT analyst or system owner) tasked to remediate a vulnerability identifies the need to delay remediation.
The analyst marks the vulnerability state as “Deferred” in the vulnerability record.
The analyst provides a reason for the deferral request and specifies a deferment window (by selecting a date in the future at which point the vulnerability will become active again).
The system routes the deferral request for approval. (Typically, approval is granted by the vulnerability remediation team, the IT Risk Management team or, in some cases, the CISO.)
Approvers review the vulnerability and consider the need for the delay as well as the deferment window, both of which are available for context during the review.
When the deferment period nears, the assigned team members are notified that it’s “showtime” and remediation activities ensue.
Note: It is best practice to set an expiration for every exception. At expiration, the vulnerability is remediated or re-evaluated for a new exception. As the expiration date nears, notifications should be sent to anyone assigned a deferred vulnerability. This is a common configuration item during implementation.
Your Exception Process
For organizations that practice more mature exception handling, ServiceNow’s out-of-the-box exception workflow is an excellent “jumping off point”. The workflow is easily configurable to reflect more complex practices.
No matter where you are on your maturity journey, Cerna Solutions has you covered when it comes to handling vulnerability exceptions on the ServiceNow platform. For a walkthrough of the process, check out our video above.
Need help with Vulnerability Response?
Recognized as a ServiceNow "Elite" partner, we are a team full of 100% US-based ServiceNow professionals who specialize in ServiceNow Vulnerability Response. Our approach to Security Operations has earned us a repeat customer rate of 91%, and a customer satisfaction score of 9.7/10. Learn more about our ServiceNow Security Operations offerings, or contact us for more information.