
NJP

SecOps Resource Library: Cloud Security

Article in ServiceNow Community · May 30, 2025


Overview

The nature of public cloud infrastructure creates additional risk, as well as new ways for security teams to efficiently manage that risk. ServiceNow Security Operations (SecOps) helps protect cloud environments by providing a centralized platform for managing vulnerability exposures, misconfigurations, security incidents, and threats. It integrates IT and security workflows, automates processes, and enhances visibility across hybrid and multi-cloud infrastructures.

This article focuses on top-level insights and best practices for Container Vulnerability Response, Cloud Configuration Compliance, and Security Posture Control.

FAQ

Which SecOps products are most relevant to the topic of Cloud Security?

Vulnerability Response, Container Vulnerability Response, Configuration Compliance, and Security Posture Control.

Why is Cloud Security important?

Public cloud environments offer increased flexibility at the cost of greater cyber risk. It is common for cloud environments to contain unvalidated software and dependencies and insecure configurations, and their ephemeral nature makes them hard to track. They also expose different ways to attack them, such as poisoning container registries and repositories.

What is different about managing vulnerabilities in the cloud?

These assets are often short-lived, which makes typical remediation workflows ineffective in many cases. Each asset is created from a base image, with optional layers of additional functionality. The first step is hardening the base images, but this does not fully solve the problem, because the layers chosen for any given asset can add exposures unique to that deployment.

How should customers operationalize fixing exposures on short-lived assets?

After hardening the base images, prioritization is key to sorting through the noise on these ephemeral assets. Ideally, a CI in the CMDB will carry this information, but that is harder to maintain for public cloud assets. So, identify patterns for business-critical areas (where possible) and drive action on those first. Consider parts of hostnames, image names, and application details within the scan results themselves, and look for matches to increase criticality and impact.

What role does a CMDB have in ensuring cloud security?

While not required, populating the CMDB with ServiceNow Cloud Discovery and integrated third-party cloud providers increases the accuracy of automatic assignment and prioritization. In combination with the pattern-based approach above, customers can maximize the effectiveness of remediation efforts.

Which steps do we recommend to better track exposures across ephemeral cloud resources?

When container images or virtual machines are replaced, we recommend consistent tagging practices to maintain exposure relationships across versions. This matters because base images cannot be changed in place; many derived images are created from them and need to be tracked together. Also, defining the area of operation of the asset, such as application container image or platform/OS VM image (separating business applications from technical services), helps assign ownership of the vulnerabilities and misconfigurations to the right teams through a CSDM model.
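The two practices above, pattern-based prioritization from hostnames, image names and application tags, and tagging so that the same exposure is tracked across rebuilt image versions and routed to the owning team, can be sketched in a few functions. The following is an added illustration written for this article, not ServiceNow code and not the Vulnerability Response data model: the finding records, tag names, CVE ids (placeholders), regex rules, boost weights and team names are all constructed.

```python
"""Added example (not ServiceNow code): pattern-based prioritization, cross-version
grouping and ownership routing for container scan findings on ephemeral assets.
All records, tag names, rule patterns, weights and team names are constructed."""
import re
from collections import defaultdict

# Base score per scanner severity (assumed scale).
SEVERITY_SCORE = {"critical": 9, "high": 7, "medium": 4, "low": 1}

# Constructed criticality rules: a regex over one field of the finding and the
# impact boost applied when it matches. "tags.app" walks into the tags dict.
CRITICALITY_RULES = [
    {"field": "image", "pattern": r"/(payments|checkout)-", "boost": 3, "label": "revenue path image"},
    {"field": "host", "pattern": r"\.prod\.", "boost": 2, "label": "production host"},
    {"field": "tags.app", "pattern": r"^(payments|identity)$", "boost": 2, "label": "critical app tag"},
]

# Constructed ownership routing: the team that receives a finding, keyed by the
# layer that introduced it (base/platform image vs. application layer).
OWNER_BY_LAYER = {"base": "platform-engineering", "app": "application-team"}

# Constructed findings shaped like a normalized scanner export. The CVE ids
# are placeholders, not real identifiers.
FINDINGS = [
    {"id": "F-1", "cve": "CVE-0000-0001", "severity": "high", "layer": "app",
     "image": "registry.example/payments-api:2.3.1", "host": "ip-10-0-1-5.prod.internal",
     "tags": {"app": "payments", "base": "ubuntu-hardened-v7", "env": "prod"}},
    {"id": "F-2", "cve": "CVE-0000-0001", "severity": "high", "layer": "app",
     "image": "registry.example/payments-api:2.4.0", "host": "ip-10-0-1-9.prod.internal",
     "tags": {"app": "payments", "base": "ubuntu-hardened-v7", "env": "prod"}},
    {"id": "F-3", "cve": "CVE-0000-0002", "severity": "critical", "layer": "base",
     "image": "registry.example/internal-wiki:1.0", "host": "ip-10-0-2-1.dev.internal",
     "tags": {"app": "wiki", "base": "ubuntu-hardened-v7", "env": "dev"}},
    {"id": "F-4", "cve": "CVE-0000-0003", "severity": "medium", "layer": "app",
     "image": "registry.example/batch-report:0.9", "host": "ip-10-0-2-4.dev.internal",
     "tags": {"app": "reports", "base": "alpine-v3", "env": "dev"}},
]


def _field(finding, path):
    """Read a dotted field path such as 'tags.app'; missing keys yield ''."""
    value = finding
    for part in path.split("."):
        value = value.get(part, "") if isinstance(value, dict) else ""
    return value if isinstance(value, str) else ""


def prioritize(finding):
    """Return (score, matched_labels): severity base score plus every pattern boost that fires."""
    score = SEVERITY_SCORE.get(finding["severity"].lower(), 0)
    labels = []
    for rule in CRITICALITY_RULES:
        if re.search(rule["pattern"], _field(finding, rule["field"]), re.IGNORECASE):
            score += rule["boost"]
            labels.append(rule["label"])
    return score, labels


def triage_order(findings):
    """Finding ids sorted by priority, highest first (stable for ties)."""
    return [f["id"] for f in sorted(findings, key=lambda f: prioritize(f)[0], reverse=True)]


def group_across_versions(findings):
    """Tie one exposure together across image versions via the base-image tag plus CVE,
    so a rebuilt image continues the existing record instead of opening an unrelated one."""
    groups = defaultdict(list)
    for f in findings:
        groups[(f["tags"].get("base", "untagged"), f["cve"])].append(f["id"])
    return dict(groups)


def assign_owner(finding):
    """Route the finding to the team owning the layer that introduced it."""
    return OWNER_BY_LAYER.get(finding["layer"], "security-operations")


if __name__ == "__main__":
    for fid in triage_order(FINDINGS):
        f = next(x for x in FINDINGS if x["id"] == fid)
        print(fid, prioritize(f), assign_owner(f))
    print(group_across_versions(FINDINGS))
```

Note what the ordering shows: the "critical" finding on the development wiki image (F-3) ranks below the two "high" findings on the production payments image, because the business-critical patterns lift the latter. The base-tag grouping also ties F-1 and F-2 together even though they sit on different image versions, which is the tagging outcome the article recommends; in practice the rule set and tag vocabulary would come from the CMDB and CSDM ownership model rather than being hard-coded.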

Getting Started Guide

The attached Getting Started Guide provides additional technical guidance on managing cloud security exposures using ServiceNow.

Resources

Base Knowledge
  Product Documentation: Container Vulnerability Response
  ServiceNow Store: Container Vulnerability Response
  Demo: Systematically Harden the Digital Attack Surface

Implementation Resources
  QuickStart Guide and Resources for Vulnerability Response and Related Applications
  YouTube Playlist: Ask a Ranger: Security Operations

Webinars & Training
  On-Demand Webinars:
    Understanding Vulnerability Response and Configuration Compliance for Containers
    Proactive Container Security: Risk-Driven Remediation with Qualys & ServiceNow CVR
    Best Practices for Operationalizing Cloud SecOps with Wiz and ServiceNow
    VR Integration Configurations: Tenable to VR, Veracode to AVR and Prisma to Container VR
    "Success with VR" Webinar Series: A Day in the Life of a Vulnerability Manager
  ServiceNow University (login required):
    VR Implementation at Scale
    VR Implementation
    VR Learning Bytes
    SPC Implementation Bootcamp
    SecOps Fundamentals

Additional Resources
  Support Knowledge Base Articles (login required):
    Knowledge Base Links for Support and Troubleshooting
    VR/CC Best Practices: Vulnerability Response Implementation for Better Performance
    VR Performance Accelerator to Boost Performance
    How Security Posture Control Calculates Usage
    How Vulnerability Response Calculates Customer Usage
  Community Blog: Introducing Unified Vulnerability Response Workspaces!
Original source: https://www.servicenow.com/community/secops-articles/secops-resource-library-cloud-security/ta-p/3277909