The problem is that patching practices in many organizations are slow and disorganized. Too many teams are in charge of patching too many different systems, and security leaders typically lack visibility into who is staying on top of patching and who isn’t. It’s not that IT staffers don’t know the importance of patching; rather, the task often slips so far down the priority list that known vulnerabilities are left open for weeks or months at a time, putting critical systems and data at risk. Think of it like your health: We all know we should eat better and exercise more, but we often give our attention instead to more urgent (although ultimately less important) matters.
The good news is that many organizations already have a powerful tool to help streamline vulnerability management — the service management platform ServiceNow. Although some organizations use the platform primarily to manage help desk tickets, it’s capable of much more. The solution can also help organizations shore up vulnerabilities across their IT environments.
A common approach to managing vulnerability remediation is for security leaders to identify known vulnerabilities through their software tools, compile these into a spreadsheet and then email the list to relevant departments. However, many organizations have no real way to track the work and make sure it’s getting done. Essentially, security leaders are left hoping for the best. Because ServiceNow is a centralized platform, security leaders can track vulnerability management in real time.
Not all vulnerabilities are equal, of course. An isolated testing environment that has been left unpatched is one thing; an unpatched active financial system is another. Through integrations with vulnerability scanning tools, ServiceNow can keep track of device and application dependencies. So, instead of sending out context-free lists of all the unpatched vulnerabilities in the organization, security leaders can generate risk-based prioritization lists that include not only factors such as the severity of the risk, but also contextual information from the configuration management database, such as which services are impacted. This way, IT staffers’ work will have the greatest possible impact, and higher-risk vulnerabilities can be closed before attackers have time to exploit them.
Better Management of IT Teams
With vulnerability information centralized in ServiceNow, remediation teams can see exactly what they need to do. The platform features a global dashboard for management teams, while individual remediation teams have their own dashboards to keep track of their work.
This improved visibility allows IT and security leaders to assess and report on various teams’ progress and effectiveness regarding vulnerability management. Leaders even have a way to appeal to teams’ competitiveness — or, at the very least, their desire not to fall behind other teams. If 10 teams are involved in a critical remediation effort, and two of those teams aren’t pulling their weight, everyone else involved with the project is going to be able to see that.
Decreased Response Times
Organizations that use ServiceNow to coordinate vulnerability management have been shown to reduce their vulnerability response times by up to 60 percent. That means remediating a vulnerability in four weeks instead of 10 weeks — which could be the difference between an attack being stopped or getting through.