Actionable Insights for External AI Integrations...
There is considerable excitement surrounding the release of ServiceNow GenAI, which now allows organizations to seamlessly integrate ServiceNow instances with large language...
Read MoreThirdera generates transformation, digitization, and automation for our customers at the speed of NOW.
We help organizations adopt better patterns of work and get more from ServiceNow. Our team unlocks enterprise potential to elevate experiences across the world of work.
We help organizations adopt better patterns of work and get more from ServiceNow. Our team unlocks enterprise potential to elevate experiences across the world of work.
Exciting news! Thirdera and Cognizant Awarded Three ServiceNow Partner Specializations
Read moreInsurance Provider Projects $75MM Gain in Business Value from Asset Management Transformation
Read moreGovernment Agency INDOT Modernizes Its Constituent Service Model with CitizenKey
Read moreBalancing mission-driven goals with operational efficiency requires innovative solutions that can streamline processes, and enhance program delivery without straining budgets.
UN Agencies Rely on Thirdera and ServiceNow to Support the Ukrainian Aid Response
Read moreDigitize and automate workflows to enhance the customer experience, online and in-store.
Global SAP on Cloud Leader, Lemongrass, Embarks on Multi-Continent ITSM Overhaul
Read moreStay up to date with the insights from ServiceNow experts and explore our blogs, news, case studies culture posts, partner updates and more.
Stay up to date with the insights from ServiceNow experts and explore our blogs, news, case studies culture posts, partner updates and more.
With cybersecurity spending estimated to be $172 billion in 2023, security teams are under pressure to deliver more for the money being spent. Many companies have a variety of tools in use to manage their cyber-attack surface, including Vulnerability Scanners like Qualys and Rapid7 InsightVM, Static and Dynamic Application Security Testing tools like Veracode, and Secure Configuration Assessment tools like Tanium Comply. All these tools help organizations to understand their security posture and to work to reduce the risk of attack.
However, when working with multiple disparate tools they may not all have the same information about potentially impacted devices or applications which may require remediation teams to research the impacted system before being able to start remediation. Additionally, as these technologies may not gather all the same information about impacted systems, it can be hard to understand everything that exists in your environment to even know what needs to be secured.
To understand what exists in your environment a Configuration Management Database (CMDB) comes into play. Many companies have a rudimentary CMDB that may not have a high level of trust around accuracy. And while many people understand the value of the CMDB, getting funding to help build, maintain, and mature it can be tough to find. In recent years though, cybersecurity programs have been able to drive and fund CMDB work as you can’t secure something if you don’t know you have it. However, shepherding a successful deployment is an entirely different challenge addressed in our recent blog Four Steps to a Successful ServiceNow CMDB Deployment.
Populating the CMDB allows for a variety of benefits when looking at vulnerabilities and configuration errors. Tracking ownership data in the CMDB such as the group that owns the system allows you to automatically assign work to the correct teams so it doesn’t have to be triaged and starts off at the team that can address it.
Tracking relationships in the CMDB between devices and applications or services can extend assignment routing to assign to an application or service support team instead of a device.
The other major benefit to the CMDB is the ability to help determine the risk of findings on a system. A comprehensive Risk calculation considers three categories of risk factors, as shown below. Inherent risk factors come from scanners or static sources (e.g. CVSS score from the NVD) to determine the general risk to any/all organizations. Company-specific risk factors are found in the CMDB and provide system-specific context to the finding based on what is known about the impacted system and its use in the larger environment. And finally, Temporal risk factors are focused on whether the risk is actively being exploited and any active campaigns. Integration with data sources like the CISA Known Exploited Vulnerabilities Catalog can help to identify temporal risks.
Because the CMDB has relationships between systems and applications, you can populate some of the key risk factors such as whether a system is internet-facing or has sensitive data on it at the application or service level, and set the risk for associated systems based on that higher level application. If your CMDB doesn’t have those relationships yet, you can also set the risk factors directly on the systems impacted (servers, workstations, switches, etc.).
When looking at potentially millions of findings to address, being able to automatically calculate risk based on environmental factors can expedite remediation by getting the more crucial items to the remediation teams as quickly as possible.
There are many ways to populate the CMDB, depending on your organization’s starting point and available tools and resources.
ServiceNow Discovery can discover your entire IT infrastructure by scanning ranges of IP addresses as well as using Cloud Discovery to connect to your public and private clouds to ingest cloud-based infrastructure. Service can discover application services and build a comprehensive map of all devices, applications, and configuration profiles used.
Service Graph Connectors can be used to pull in asset/configuration data from a variety of device management, patching, and monitoring tools such as Microsoft SCCM, SolarWinds, and Jamf. There are currently about 40 Service Graph Connectors available in the ServiceNow Store.
In addition to your cybersecurity tools detecting vulnerabilities and misconfigurations, most track at least some rudimentary data about the systems they scan such as IP addresses, hostnames, cloud identifiers, and fully-qualified domain names. Most of the available scanner integrations for Vulnerability Response and Configuration Compliance will pull at least that minimum set of data into your ServiceNow instance, compare it against anything existing in the CMDB and if no matches are found will create a new configuration item.
In addition, many of these tools, such as Qualys and Rapid7 have pre-built CMDB-specific integrations that may be able to populate more robust data into the CMDB that can then be matched from the scanner integrations.
If you’re looking to start using ServiceNow’s Security Operations applications but don’t have a CMDB yet, or don’t have a quality CMDB, don’t feel discouraged. Thirdera works with you to bring your resources together with the ServiceNow platform, allowing you to synchronize Security Operations data into one solution and make decisions based on their impact to your business.
As mentioned, ServiceNow can ingest data from your cybersecurity tools to help build out your CMDB in addition to the other options above. You may end up pulling in many unknown systems that have vulnerabilities that can take some time to investigate, but it’s still better to know what is out there. And having unknown systems coming into the CMDB is often the driver to look at what else can be done to improve the CMDB.
If you already have a CMDB but want to understand how healthy it is and get recommendations on the next steps in your CMDB journey, contact us about a CMDB Assessment.
There is considerable excitement surrounding the release of ServiceNow GenAI, which now allows organizations to seamlessly integrate ServiceNow instances with large language...
Read MoreThe retail industry has always been dynamic, but today’s landscape demands a level of operational agility and customer-centric innovation that few sectors experience. ServiceNow...
Read MoreThirdera, a Cognizant company is on a mission to be the world's most trusted and capable ServiceNow partner, delivering maximum value to our customers through deep technical...
Read MoreIn recent years, the banking, financial services, and insurance (BFSI) industry has faced an immense wave of change. Customer expectations are evolving fast, regulations are...
Read More