© 2016 ServiceNow All Rights ReservedConfidential © 2016 ServiceNow All Rights ReservedConfidential

Seven Essentials for Effective Vulnerability Response

© 2016 ServiceNow All Rights Reserved 2Confidential

Hard facts about vulnerabilities • Unpatched vulnerabilities can lead to data breaches • The top 10 vulnerabilities accounted for 85% of successful exploit traffic • Time to detect a breach averages 201 days

Sources: 2016 Verizon Data Breach Investigations Report, Ponemon Institute 2016 Cost of a Data Breach Study

© 2016 ServiceNow All Rights Reserved 3Confidential

Why is incident response failing?

Source: Enterprise Strategy Group Status Quo Creates Security Risks: The State of Incident Response

© 2016 ServiceNow All Rights Reserved 4Confidential

Disagreement or confusion on process and ownership

?

?

?

© 2016 ServiceNow All Rights Reserved 5Confidential

QID 70000NETBIOS Vulnerability

VulnerabilityScan Results Database

You have many vulnerabilitiesNOW WHAT?

CVE-2009-0244Windows MobileVulnerability

Missing information about the vulnerability

QID 86476Web ServerVulnerability

CVE-2014-3566SSL Vulnerability

© 2016 ServiceNow All Rights Reserved 6Confidential

Emails, Spreadsheets, Phone Calls, Meetings, and Text Messages are difficult to measure and don’t provide an easy way to understand how your processes are performing, where the bottlenecks are, and how to improve them.

How are teams handling this today?

© 2016 ServiceNow All Rights Reserved 7Confidential

What do you need to fix these issues?

© 2016 ServiceNow All Rights Reserved 8Confidential

Tools to understand the impact of patches• Requires shared visibility with security and IT

© 2016 ServiceNow All Rights Reserved 9Confidential

Prioritization

From This… To This…

© 2016 ServiceNow All Rights Reserved 10Confidential

Automatic routing to the right people

© 2016 ServiceNow All Rights Reserved 11Confidential

Automation of basic tasks using orchestration

• Install Patch• Initiate Scan• Remote Analysis• Take Systems Offline• Configure Systems• Information Gathering

© 2016 ServiceNow All Rights Reserved 12Confidential

SLAs, metrics, and reporting

© 2016 ServiceNow All Rights Reserved 13Confidential

Checklist: Does your solution…

Provide a single source of truth across security and IT?

Prioritize all vulnerable items?

Automate basic tasks like approval requests or patching?

Provide business context through CMDB integration?

Ensure your security runbook is followed?

Quickly identify authorized approvers and subject matter experts?

Collect detailed metrics to track SLAs, drive post-incident reviews, and enable process improvements?

© 2016 ServiceNow All Rights Reserved 14Confidential

Introducing ServiceNow® Security Operations

Deliver EfficientSecurity Response

Visualize YourSecurity Posture

StreamlineRemediation

© 2016 ServiceNow All Rights Reserved 15Confidential

Introducing Security Operations

Security Incident Response Vulnerability Response

Threat Intelligence

© 2016 ServiceNow All Rights Reserved 16Confidential

Vulnerability Response

• Manage vulnerability investigations and remediation activities

• Integrates with the National Vulnerability Database

• Integrates with leading vulnerability identification solutions from Qualys, Rapid 7, and Tenable

• Seamless integration with Security Incident Response tasks, change requests, and problem management

© 2016 ServiceNow All Rights Reserved 17Confidential 17© 2016 ServiceNow All Rights ReservedConfidential 17© 2016 ServiceNow All Rights ReservedConfidential

Want to learn more?Check out the full report from Enterprise Strategy Group, Status Quo Creates Security Risks: The State of Incident Response

Read Sean Convery’s blog, Why Manual Processes Become Security RisksGet more information about ServiceNow Security Operations