Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

7 Essentials for Effective Vulnerability Response

664 views

Published on

Discover a new approach to vulnerability response that seamlessly connects Security with IT, allowing teams to spend less time managing simple tasks and more time preventing advanced attacks.

Published in: Technology
  • Be the first to comment

7 Essentials for Effective Vulnerability Response

  1. 1. © 2016 ServiceNow All Rights ReservedConfidential © 2016 ServiceNow All Rights ReservedConfidential Seven Essentials for Effective Vulnerability Response
  2. 2. © 2016 ServiceNow All Rights Reserved 2Confidential Hard facts about vulnerabilities • Unpatched vulnerabilities can lead to data breaches • The top 10 vulnerabilities accounted for 85% of successful exploit traffic • Time to detect a breach averages 201 days Sources: 2016 Verizon Data Breach Investigations Report, Ponemon Institute 2016 Cost of a Data Breach Study
  3. 3. © 2016 ServiceNow All Rights Reserved 3Confidential Why is incident response failing? Source: Enterprise Strategy Group Status Quo Creates Security Risks: The State of Incident Response
  4. 4. © 2016 ServiceNow All Rights Reserved 4Confidential Disagreement or confusion on process and ownership ? ? ?
  5. 5. © 2016 ServiceNow All Rights Reserved 5Confidential QID 70000 NETBIOS Vulnerability Vulnerability Scan Results Database You have many vulnerabilities NOW WHAT? CVE-2009-0244 Windows Mobile Vulnerability Missing information about the vulnerability QID 86476 Web Server Vulnerability CVE-2014-3566 SSL Vulnerability
  6. 6. © 2016 ServiceNow All Rights Reserved 6Confidential Emails, Spreadsheets, Phone Calls, Meetings, and Text Messages are difficult to measure and don’t provide an easy way to understand how your processes are performing, where the bottlenecks are, and how to improve them. How are teams handling this today?
  7. 7. © 2016 ServiceNow All Rights Reserved 7Confidential What do you need to fix these issues?
  8. 8. © 2016 ServiceNow All Rights Reserved 8Confidential Tools to understand the impact of patches • Requires shared visibility with security and IT
  9. 9. © 2016 ServiceNow All Rights Reserved 9Confidential Prioritization From This… To This…
  10. 10. © 2016 ServiceNow All Rights Reserved 10Confidential Automatic routing to the right people
  11. 11. © 2016 ServiceNow All Rights Reserved 11Confidential Automation of basic tasks using orchestration • Install Patch • Initiate Scan • Remote Analysis • Take Systems Offline • Configure Systems • Information Gathering
  12. 12. © 2016 ServiceNow All Rights Reserved 12Confidential SLAs, metrics, and reporting
  13. 13. © 2016 ServiceNow All Rights Reserved 13Confidential Checklist: Does your solution… Provide a single source of truth across security and IT? Prioritize all vulnerable items? Automate basic tasks like approval requests or patching? Provide business context through CMDB integration? Ensure your security runbook is followed? Quickly identify authorized approvers and subject matter experts? Collect detailed metrics to track SLAs, drive post-incident reviews, and enable process improvements?
  14. 14. © 2016 ServiceNow All Rights Reserved 14Confidential Introducing ServiceNow® Security Operations Deliver Efficient Security Response Visualize Your Security Posture Streamline Remediation
  15. 15. © 2016 ServiceNow All Rights Reserved 15Confidential Introducing Security Operations Security Incident Response Vulnerability Response Threat Intelligence
  16. 16. © 2016 ServiceNow All Rights Reserved 16Confidential Vulnerability Response • Manage vulnerability investigations and remediation activities • Integrates with the National Vulnerability Database • Integrates with leading vulnerability identification solutions from Qualys, Rapid 7, and Tenable • Seamless integration with Security Incident Response tasks, change requests, and problem management
  17. 17. © 2016 ServiceNow All Rights Reserved 17Confidential 17© 2016 ServiceNow All Rights ReservedConfidential 17© 2016 ServiceNow All Rights ReservedConfidential Want to learn more? Check out the full report from Enterprise Strategy Group, Status Quo Creates Security Risks: The State of Incident Response Read Sean Convery’s blog, Why Manual Processes Become Security Risks Get more information about ServiceNow Security Operations

×