The Customer
The client, a leading healthcare provider committed to delivering exceptional medical services to patients. With a strong focus on patient care, they offer a comprehensive range of medical specialties and services, including primary care, specialized treatments, and advanced diagnostics. The client has a large network infrastructure with various interconnected systems and devices, making them susceptible to cyber threats. Prior to enlisting the help of GlideFast, the client had a limited manual remediation process for vulnerabilities, which exposed them to cybersecurity risks and potential business disruptions.
The Challenge
The client recognized the need to enhance their vulnerability management process to mitigate risks effectively. Their manual approach was time-consuming, error-prone, and lacked centralized visibility. They needed a robust solution to streamline vulnerability response and improve the overall security posture of their organization.
They expected a leading-edge solution that would automate the management and remediation of vulnerabilities. Key requirements included importing vulnerability scan data from multiple sources, enriching the data with third-party sources like NIST, First, Microsoft, and RedHat, and leveraging Configuration Item (CI) data for automated scoring and assignment of tasks to remediation owners.
The Solution
The GlideFast team proposed implementing Vulnerability Response (VR) within the ServiceNow platform to address the client's needs. The solution included the following key components:
-
Ingestion of Vulnerability Scan Data: Integration with Qualys and Microsoft Threat and Vulnerability Management scanners was established, with future plans to integrate Tenable. CI Lookup rules were leveraged to match the scan data to existing CIs, and unmatched CIs could be created using the CMDB CI Class Models plugin. This ensured accurate association of vulnerabilities with relevant assets.
-
Enrichment of Data: Data enrichment was performed by pulling in additional information from various sources. CVEs from NIST were used to associate third-party vulnerability descriptions with their NIST counterparts. EPSS scoring from First provided valuable insights into vulnerability risks through CVE association, while solutions from Microsoft and RedHat expedited the remediation process.
-
Prioritization and Assignment: Configuration rules were implemented to support prioritization and assignment of vulnerabilities. Vulnerability Calculators utilized EPSS and CI data to determine risk scores. Assignment Rules and Remediation Task Rules were set up to ensure vulnerabilities and tasks were assigned to the correct remediation owner groups. Approval rules facilitated deferment and exceptions when necessary.
To successfully complete the project, training sessions were conducted with VR analysts to familiarize them with the new system and processes. In-depth discussions were held with subject matter experts (SMEs) to refine the remediation assignments and ensure alignment with organizational requirements.
Results
The project took approximately 12 weeks to complete, including User Acceptance Testing (UAT) and additional change orders. The implementation of VR brings a 40-60% reduction in time to remediate business-critical vulnerabilities when transitioning from manual processes such as spreadsheets and email.
By implementing Vulnerability Response within the ServiceNow platform, the medical center successfully streamlined their vulnerability management process. The solution provided automated vulnerability tracking, improved visibility, and enhanced prioritization and assignment capabilities. The implementation of VR within the medical center showcased the benefits of leveraging advanced technology to strengthen cybersecurity practices and protect critical healthcare infrastructure.
