7 essentials for effective vulnerability response
TRANSCRIPT
© 2016 ServiceNow All Rights Reserved. Confidential
Seven Essentials for Effective Vulnerability Response
Hard facts about vulnerabilities
• Unpatched vulnerabilities can lead to data breaches
• The top 10 vulnerabilities accounted for 85% of successful exploit traffic
• Time to detect a breach averages 201 days
Sources: 2016 Verizon Data Breach Investigations Report, Ponemon Institute 2016 Cost of a Data Breach Study
Why is incident response failing?
Source: Enterprise Strategy Group Status Quo Creates Security Risks: The State of Incident Response
Disagreement or confusion on process and ownership
Missing information about the vulnerability
Vulnerability Scan Results Database
• QID 70000 NETBIOS Vulnerability
• CVE-2009-0244 Windows Mobile Vulnerability
• QID 86476 Web Server Vulnerability
• CVE-2014-3566 SSL Vulnerability
You have many vulnerabilities. NOW WHAT?
How are teams handling this today?
Emails, spreadsheets, phone calls, meetings, and text messages are difficult to measure and don’t provide an easy way to understand how your processes are performing, where the bottlenecks are, and how to improve them.
Tools to understand the impact of patches
• Requires shared visibility with security and IT
Automation of basic tasks using orchestration
• Install Patch
• Initiate Scan
• Remote Analysis
• Take Systems Offline
• Configure Systems
• Information Gathering
Checklist: Does your solution…
Provide a single source of truth across security and IT?
Prioritize all vulnerable items?
Automate basic tasks like approval requests or patching?
Provide business context through CMDB integration?
Ensure your security runbook is followed?
Quickly identify authorized approvers and subject matter experts?
Collect detailed metrics to track SLAs, drive post-incident reviews, and enable process improvements?
Introducing ServiceNow® Security Operations
• Deliver Efficient Security Response
• Visualize Your Security Posture
• Streamline Remediation
Introducing Security Operations
• Security Incident Response
• Vulnerability Response
• Threat Intelligence
Vulnerability Response
• Manage vulnerability investigations and remediation activities
• Integrates with the National Vulnerability Database
• Integrates with leading vulnerability identification solutions from Qualys, Rapid7, and Tenable
• Seamless integration with Security Incident Response tasks, change requests, and problem management
Want to learn more?
• Check out the full report from Enterprise Strategy Group, Status Quo Creates Security Risks: The State of Incident Response
• Read Sean Convery’s blog, Why Manual Processes Become Security Risks
• Get more information about ServiceNow Security Operations