A long-term ServiceNow customer wanted to consolidate their vulnerability remediation & reporting into a central system. This includes vulnerabilities across the whole attack surface, which includes not only the infrastructure vulnerabilities detected by multiple scanners, but also application vulnerabilities detected by different SAST, DAST & SCA tools. Additionally, they wanted to integrate their vulnerability remediation process into their existing change management practices to formally track the discovery of new vulnerabilities.
We provided business analysis and technical consulting expertise to help the client identify and achieve their target business objectives while adhering to technical best practices for a central and scalable solution. Collaborating with the customer’s vulnerability management and security teams, the ServiceNow platform team, and other subject matter experts, we delivered the following: