Case Study:

Vulnerability Remediation

The organisation was struggling to effectively manage reports showing hundreds of thousands of vulnerabilities occurring on an IT estate with 9+ million Configuration Items. Our challenge was to introduce the Vulnerability Remediation (VR) module to the ServiceNow platform and make IT work.

View PDFView VideoRead MoreRead More

Highlights

.5m
Known Vulnerabilities
<3
Months end-to-end implementation
9,000,000
Configuration items

"

"We're in good shape thanks to your team"

"

Project Manager

Global Insurance Company

The organisation was struggling to effectively manage reports showing hundreds of thousands of vulnerabilities occurring on an IT estate with 9+ million Configuration Items.

Our challenge was to introduce the Vulnerability Remediation (VR) module to the ServiceNow platform and make IT work.

What we did

The team implemented the Vulnerability Module, and configured integrations with the security scanning tools and data on vulnerability significance and risk levels.

Further integrations with Enterprise Architecture tools enabled the team to link business owner with the IT they control, so ownership and accountability can be displayed.

We were then able to produce a series of reports and dashboards to assist with managing the out-of-the-box process:

  • Conducted stakeholder analysis to determine report types required for each persona.
  • Held requirements gathering workshops to agree specific use cases for reporting.
  • Built standard and Performance Analytics (PA) reports leveraging OOTB capability and aligned to use cases via configuration changes and published to dashboards.

The resulting dashboards are user-appropriate and drive the right behaviours for remediating vulnerabilities. They also prioritise truly urgent work in a way that is manageable, and reportable.

  • Resolver dashboard- used by analysts responsible for remediating vulnerabilities occurring on the CI class for which their team are responsible.
  • Process owner dashboard- used by the Vulnerability Remediation Process Owner and their team to report on process health and identify bottlenecks.
  • Management information dashboard- used by senior stakeholders and auditors to trend Key Performance Indications (KPIs) over time, to demonstrate process improvements and risk mitigation.

Outcomes

  • Full transparency of ownership and accountability for all vulnerabilities across the IT estate- an ask that was impossible prior to implementation of this solution.
  • A full reporting suite satisfying all user groups, built leveraging OOTB capability with no customisation.

Goal achieved

Our aim is to make you self-sufficient, then leave.  At CloudStratex, our ServiceNow Practice is a proven and trusted partner.  


Key Client Information:

Global reinsurance and primary insurance provider -£50bn Turnover

Staff Size:

14,000 Employees

Location:

Germany (Munich), USA, Canada, UK, Singapore, Australia, Hong Kong

Snapshot Of Problem:

Too much data in the CMDB, and not enough clarity on what's important. Hard to seperate the real risk to critical systems from the noise.

Snapshot Of Solution:

Using the Vulnerability Remediation solution in ServiceNow to create dashboards for key users: Resolver groups Process owners Senior managers With a set of Key Performance indicators (KPIs) to demonstrate process improvements and risk mitigation over time. By making use of data integrated on the platform, the dashboards provide a clear mechanism for reducing the noise to an actionable level.

CSXecuted with:

Areas for CSXellence:

Operational Integration

Effectively integrating and optimising Cloud and Legacy technologies and service.