Insights | Thirdera

Health Insurance Provider Automates Remediation Using ServiceNow's Security Incident Response

Written by Michael Henderson | Sep 19, 2024 1:45:51 PM

Offering health insurance and related services to more than 2 million customers, this client wanted to establish a single source of truth to centralise and automate the remediation of active security incidents and vulnerabilities.

Project Snapshot

50%

security incidents converted to actionable cases

40%

reduction in resolution times

Client size: 3,000+ Client industry: Insurance Client location: U.S.

 

Key Challenges


Existing remediation process was handled using ITSM incidents without much automation. The organisation’s tools at the time required optimisation and upgrades to achieve a higher and more successful response rate.

It was difficult identifying resolution groups due to lack of standardised data from scanners. This resulted in some incidents never being resolved.

Vulnerabilities were being routed to teams manually in recurring meetings. Known unfixable vulnerabilities were excluded via reporting consequently becoming unapproved exceptions.

 

Our Solution

Thirdera, a Cognizant company facilitated migration from a custom solution in ITSM to SIR while leveraging the platform's workflow automation capabilities to accelerate incident remediation.

ServiceNow Security Incident Response
SIR was used to consolidate security incidents from Splunk and KnowBe4, providing data privacy for security incidents across the organisation.

 

Threat Intelligence

Used observables (Indicators of Compromise) table and prioritisation to improve resolution decisions by identifying shared security incident attributes and parent-child relationships.


 

Remediation Routing

Vulnerability classification, assignment and grouping enabled automatic routing of vulnerable items to the correct remediation teams for faster resolution.

 

Exception Handling

Automatic exception rules enabled known approved exceptions to be deferred without manual intervention.

   

The Result

Reduced resolution times
Time to respond and resolve security incidents has been reduced by aggregating and prioritising 1,500 security incidents into 750 actionable cases.


Increased efficiency with vulnerability patches
~40% of critical and high-risk vulnerable items are automatically deferred for known approved configurations.

 

Faster routing and remediation
Vulnerable items are correctly routed to appropriate remediation teams.

About Thirdera, a Cognizant company

Thirdera, a Cognizant company is an Elite-level ServiceNow partner, enabling customers to maximise the value of the ServiceNow platform through workflow-enabled services and solutions. Founded in 2021 and acquired by Cognizant in 2024, Thirdera, a Cognizant company is one of the largest and most credentialed ServiceNow partners globally. We offer world-class guidance to help businesses accelerate growth and productivity. With expertise and capabilities spanning experience design, process optimisation, and AI-accelerated solutions, we are ushering in the next era of transformation, automation, and partner expectation. Visit www.thirdera.com for more information.

Contact us today to discuss your next project and enter a new era of ServiceNow partner experience.