Global Construction and Engineering Firm Accelerates Vulnerability Response

As a leading global provider of civil engineering, technical, professional, and construction services, this company is trusted with a wide range of sensitive data. To effectively protect this data and strengthen its security posture, the organization wanted to streamline its security tools to identify and respond to critical vulnerabilities faster.

To achieve this, the civil engineering firm engaged Thirdera to implement ServiceNow Vulnerability Response and integrate ServiceNow with Rapid7 InsightVM for vulnerability data and CMDB enrichment. Thirdera automated the vulnerability process and used data from Rapid7 to enhance the reliability and accuracy of CMDB. 

As a result, the company gained real-time visibility into all of its vulnerabilities and was able to quickly prioritize potential threats. IT benefitted from a faster and more efficient way to remediate risks while eliminating manual spreadsheets that resulted in time sinks and backlogs. With Thirdera and ServiceNow, the civil engineering firm improved its ability to respond rapidly to vulnerabilities, strengthening its cyber defense capabilities and ensuring an enterprise approach to cybersecurity.

Key Challenges

	As the company grew, it outgrew its manual vulnerability process and needed enterprise-grade solutions to support threat remediation and vulnerability prioritization.
	Manual documentation methods like spreadsheets were used to aggregate and distribute 19 million discussed vulnerabilities, leading to an unmanageable amount of data.
	It was complex and time-consuming for 12 remediation teams spread across many countries to manage 90,000 devices with 19 million known vulnerabilities.
	The company received more scrutiny on its alignment to best practices, including ISO and NIST standards, underscoring the immediate need to optimize vulnerability program performance.

The civil engineering firm regularly deals with sensitive and confidential information while working on high-profile projects across the private and public sector. This means the firm must ensure it has advanced security tools in place to protect sensitive data and its IT infrastructure from cyber attacks and breaches. As the company gained more of an international presence, it also needed to maintain compliance with global cybersecurity guidelines and regulations.

The organization needed to accelerate its vulnerability response rate, but manual processes slowed IT’s ability to respond to threats and determine responsibility across global teams. As the organization grew, there was also increasing scrutiny to align with ISO and NIST standards, further prompting the need to optimize vulnerability program performance. Since the company’s use of Rapid7 in conjunction with manual spreadsheets was insufficient to address the optimization required, the company turned to Thirdera and ServiceNow.

Our Solution

Thirdera helped the civil engineering firm implement ServiceNow Vulnerability Response to improve the organization's vulnerability management process. Thirdera integrated Rapid7 InsightVM with ServiceNow to help the company’s remediation teams leverage vulnerability and endpoint analytics within the ServiceNow tool they already used. These solutions enable the organization to quickly assess potential exposures and reduce the attack surface with enhanced collaboration and automation.

To enhance collaboration and risk visibility, Thirdera set up persona-based dashboards for the company’s chief information security officer, relevant approvers, and remediation tasks specific to assigned groups. The dashboards enabled team members to quickly pinpoint areas of concern, prioritize remediation efforts, and monitor remediation progress.

The Result

The company improved vulnerability management by implementing and integrating ServiceNow Vulnerability Response and Rapid7. It reduced 19 million vulnerable items (VIs) across 90,000 devices to 6.8 million VIs grouped into 2,000 automatically prioritized and assigned remediation tasks. Rapid7 data improved CMDB fidelity and provided informative business context during vulnerability analysis.

The organization has significantly accelerated its vulnerability response because remediation teams can quickly hone in on actionable, prioritized tasks. Helpful dashboards and efficient workflows enable teams to leverage and optimize their existing tools, harden their attack surface, and eliminate time-consuming manual spreadsheets. With the combined power of ServiceNow and Thirdera, the organization now has the insights and tools it needs to respond to vulnerabilities and empower teams with accurate, risk-based prioritization.

About Thirdera

The largest pure-play ServiceNow partner in North America, Thirdera is a trusted Elite ServiceNow partner focused solely on improving and innovating the way our customers leverage the ServiceNow platform. Our experts possess authoritative capabilities and skillsets spanning the entire Now Platform. This extensive platform expertise allows us to understand our customers’ needs and deliver tailored solutions that solve business challenges.

Contact us today to discuss your next project, and enter a new era of ServiceNow partner experience.