streamlining vulnerability remediation workflow · pdf fileabout servicenow servicenow is the...
TRANSCRIPT
INTEGRATION BENEFITS• Streamlined IT workflow by
utilizing the native ticketing solution leveraged by the IT operations team
• Automatic ticket generation within ServiceNow after a Nexpose scan is completed
• Flexible ticket creation that can be customized to open tickets by a specific severity threshold, sites, or asset groups
• Easy to configure and deploy
| Rapid7.com
Integration Brief
Streamlining Vulnerability Remediation Workflow with Rapid7 Nexpose and ServiceNow
Solution OverviewBeing proactive about security means more than simply conducting frequent security assessments of your enterprise assets. The key to securing your organization is applying the proper remediation steps in order to mitigate the risk of vulnerabilities. One of the challenges facing many organizations is incorporating the remediation lifecycle into their in-house ticketing solution already in place. Integrating Nexpose with ServiceNow solves this problem by automatically opening tickets when new vulnerabilities are discovered and closing tickets when vulnerabilities are fixed. Additionally, you have the ability to assign the tickets to the correct remediation teams. Lastly, with remediation tickets in the system, you now have the ability to report on which tickets have been successfully closed and compare them on the subsequent scans to see if they’ve been truly remediated.
How it WorksA Nexpose scan is conducted to assess the risk posture of the systems within an organization. The vulnerability data is then processed for each host. Next, at a periodic interval the ServiceNow connector is run to query Nexpose for the latest vulnerabilities and create the remediation tickets or close those fixed. A ServiceNow Administrator can then assign the tickets to the proper teams for remediation.
DesktopDataBase
FileServer
WebServer
Assessing Security Posture of Devices Remediation Tickets
Web API Call
About ServiceNow
ServiceNow is the enterprise IT cloud company. They transform IT by automating and managing IT service relationships across the global enterprise. Organizations deploy our services to create a single system of record for IT and automate manual tasks, standardize processes, and consolidate legacy systems. Using their extensible platform, their customers create custom applications and evolve the IT service model to service domains inside and outside the enterprise. ServiceNow transforms IT from the department of no the department of now.
About Rapid7
Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 4,150 organizations across 90 countries, including 34% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
| Rapid7.com
Figure1: Nexpose remediation tickets opened within ServiceNow
WHAT YOU NEED:
• Rapid7 Nexpose
• Active ServiceNow account with valid access privileges
Overview of Integration ProcessStep 1: Nexpose performs security assessment
Step 2: Nexpose processes vulnerabilities per host
Step 3: Connector runs to query Nexpose for vulnerability data and creates tickets via the ServiceNow API
Step 4: A ServiceNow administrator reviews the tickets created and assigns them to their respective remediation teams