The organisation was struggling to effectively manage reports showing hundreds of thousands of vulnerabilities occurring on an IT estate with 9+ million Configuration Items.
Our challenge was to introduce the Vulnerability Remediation (VR) module to the ServiceNow platform and make IT work.
What we did
The team implemented the Vulnerability Module, and configured integrations with the security scanning tools and data on vulnerability significance and risk levels.
Further integrations with Enterprise Architecture tools enabled the team to link business owner with the IT they control, so ownership and accountability can be displayed.
We were then able to produce a series of reports and dashboards to assist with managing the out-of-the-box process:
- Conducted stakeholder analysis to determine report types required for each persona.
- Held requirements gathering workshops to agree specific use cases for reporting.
- Built standard and Performance Analytics (PA) reports leveraging OOTB capability and aligned to use cases via configuration changes and published to dashboards.
The resulting dashboards are user-appropriate and drive the right behaviours for remediating vulnerabilities. They also prioritise truly urgent work in a way that is manageable, and reportable.
- Resolver dashboard- used by analysts responsible for remediating vulnerabilities occurring on the CI class for which their team are responsible.
- Process owner dashboard- used by the Vulnerability Remediation Process Owner and their team to report on process health and identify bottlenecks.
- Management information dashboard- used by senior stakeholders and auditors to trend Key Performance Indications (KPIs) over time, to demonstrate process improvements and risk mitigation.
- Full transparency of ownership and accountability for all vulnerabilities across the IT estate- an ask that was impossible prior to implementation of this solution.
- A full reporting suite satisfying all user groups, built leveraging OOTB capability with no customisation.
Our aim is to make you self-sufficient, then leave. At CloudStratex, our ServiceNow Practice is a proven and trusted partner.
Key Client Information:
Global reinsurance and primary insurance provider
Munich, USA, Canada, UK, Singapore, Australia, Hong Kong
Snapshot Of Problem:
Too much data in the CMDB, and not enough clarity on what's important. Hard to separate the real risk to critical systems from the noise.
Snapshot Of Solution:
Using the Vulnerability Remediation solution in ServiceNow to create dashboards for key users:
- Resolver groups
- Process owners
- Senior managers With a set of Key Performance indicators (KPIs) to demonstrate process improvements and risk mitigation over time. By making use of data integrated on the platform, the dashboards provide a clear mechanism for reducing the noise to an actionable level.