CASE STUDIES

Optimizing Vulnerability Response
in a Global Automotive Corporation
About the implementation

The company implemented the Vulnerability Response module to streamline its different vulnerability detection programs into a central remediation system, make remediation tasks visible to end users and collaborate more closely with IT. The goal was to automate and improve the triaging logic by using available business context information for the prioritization, assignment and reporting of identified vulnerabilities.

Business challenges

  • Integrating Vulnerability Response programs into ServiceNow without customization.
  • Inaccurate assignment of findings leading to missing ownership.
  • Permission issues causing visibility imbalance among groups.
  • Application change teams unable to view vulnerabilities affecting their services.
  • SLA tracking lacking for critical findings, resulting in audit issues.
  • Asset-CMDB mismatch reducing assignment effectiveness.
  • Inefficient triaging logic impacting performance.

Project approach

  • We provide business process consulting and, where needed, on-demand development support in cooperation with the customer’s platform teams, to meet project deadlines and speed up Vulnerability Response implementations and improvements.
  • Together with the customer’s Cybersecurity team, platform team, and other subject matter experts, we were able to deliver the following:
    • Integration of Offensive Vulnerability Response programs into the ServiceNow Platform.
    • Improved triaging logic in the Vulnerability Response application for a better end-user experience.
    • Improved dashboards and reporting for Information Security Officers.
    • Improved permission concepts that align more closely with need-to-know principles.
    • Work on corporate audit findings and their closure.
    • Improved performance of the application.

Project success

  • Integrated different vulnerability detection programs into ServiceNow VR.
  • Utilized existing triaging logic for managing new sources of findings.
  • Implemented new permission concept to address end-user challenges and increase satisfaction.
  • Introduced visibility concept for application service change groups, enhancing user adoption.
  • Configured SLAs for every finding, ensuring remediation target dates and audit closure.
  • Simplified conditions and logic for improved maintenance and performance.
