[Music] hello again security committee welcome back to another video tutorial to help you get started and make the best of service now my name is eric farrow i'm in santa clara california i'm joined today by joe pizzo who is senior advisory solution architect at servicenow hello joe good afternoon and welcome to the show hi eric and hello everyone very happy to be here thanks for having me so joe today we're going to talk about getting started with vulnerability response we know from experience that some of our customers after they have purchased the application need some help to go through the very first steps this is exactly right eric all organizations are exposed to vulnerabilities and have in place some system that provide the basic ability to get by when they purchase vulnerability response there's a learning curve and changing from legacy systems is never straightforward today we're going to see that it's critical to move forward and to modernize in order to stay ahead of the vulnerabilities curve in particular when you have servicenow's vulnerability response application available to you right at your fingertips using it will change your life i'll also show you how easy it is to get started all right i'm looking forward to this so let me first take us through our usual refreshers our tutorial series is primarily designed to help people get started with the security applications and get value quickly in the early stages of implementation today we are focusing on this life-changing step from manual processes to automation in the future we will also have tutorials for the more advanced levels of maturity another interesting slide here we are building a whole program of free tutorials to help you get started with the vulnerability response this is to complement the great training classes that are available to you and of course the expert input that you will need from your implementation partner so to date we have already produced tutorials for the implementation checklist the importance of your cndb for vulnerability response the integration of tenable and of course we'll soon do the same for quality and rabbit seven ci matching which is so important and of course the reports and dashboards that your execs are going to love and all of these are available in the dedicated vulnerability response community forum and the link is here on the slide okay enough of me joe the floor is yours excellent thank you eric so we're talking about vulnerability response we first want to take a look at what is a vulnerability a basic definition is that it's a weakness or flaw in a system so when we think about this we'll have this information that's available to us from our scanners that's telling me hey we have vulnerabilities typically the impact of these vulnerabilities is that they can open up a system or application to some type of exploit that can go and do things that we don't want happening in our environment things such as escalating privilege running uh attacks like a password a spray and pray doing redirects or spoofing and providing attackers with the ability to get through and access data that we don't want them to have access to though organizations do have scanners they're typically not in a place to manage their response to their vulnerabilities and the reason why is that we're looking at systems that are providing lots of information that it's difficult to keep up with we have tools in place but a lot of times we can't go out and take advantage of just the vulnerabilities through having that identification we need to take action typically what i'm seeing is that organizations are using email spreadsheets cell phone calls text messages to relay what vulnerabilities exist and they have to wait on these to come back and what we're seeing is that there's a gap and there's a delay and this gap in delay is coming back and it's causing per vulnerability upwards of 12 days on average and this is just an average and when we start thinking about addressing vulnerabilities we want to identify how we fix them whether it's a patch whether it's things like a registry modification or a file modification or deletion but when we just have our management scanners in place we're really not addressing the recovery effort the remediation effort and the action that needs to be taken to stay on top of these vulnerabilities so you're a servicenow vulnerability response customer and this puts you at a great advantage what we're looking at is the ability to integrate with the market leading scanners and solutions that are out there scanners from companies like rapid7 qualis tenable crowdstrike pulling in data from the national vulnerability database being able to use existing servicenow information to prioritize these vulnerable items and create calculators using risk scores from all of these scanners and third-party data to be able to combine that information to determine what our risk is we can assist in the automation of addressing any fix or patch that might need to be applied and then we're integrating seamlessly with incident response tasks change requests and problem management to further enhance the solution when a security incident emerges and on top of all that we're creating a healthier cmdb by incorporating the scan data and applying it to the assets and this is where we're keeping all of this information at our fingertips so that we can continually know what's going on in our environment and where our assets stand from day to day and on top of all of this you can provide great information to your executives about what's going on in your environment we can deliver dashboards including information about our cis and what we're seeing about the vulnerable items associated with hci when we look at vulnerable items based on their risk rating over time we can identify whether we're remaining flat whether our success is increasing or decreasing and an increase a decrease or flat is all based on the context in the case that we're looking at here with our vulnerable items by risk rating we can see a slight decrease over time which means that we're addressing all of these vulnerabilities in a timely manner we can also group these systems together logically based on specific types of vulnerabilities specific types of cis or specific types of information that we're gathering that might be unique to your organization and finally when we start looking at how we're doing based on the new enclosed vulnerabilities that we're identifying we can identify where we're really successful and if we start looking towards the end of this we can see that we don't have many new vulnerabilities coming in but we are incredibly successful at closing out existing vulnerabilities and these are the type of impactful results that will dazzle and delight executives all right joe so this is great now in all change there's a cost and there's effort needed we have to balance these efforts with the benefits that change bring so moving from legacy systems to the vulnerability response application what are some of the benefits that you can extract from the change so that's a great point eric there's a lot of benefits that can be extracted from vulnerability response and when i think about this i want to think about how i prioritize my critical threats and when we say we're looking at business context and threat intelligent enrichment it takes on a different level because when we look at business context we want to look at a system that may be a high profile system for us with a high business value and that may have a low criticality vulnerability or a low risk vulnerability and if we compare that to a system that's maybe a low business impact system like something that sits in a mail room and all it does is print labels that system could have a critical vulnerability but when we look at the business impact in the business context around them even though there's a critical vulnerability on that low business system it still falls below the prioritization that i would have for the high business impact system so we're able to go and prioritize these critical threats out there and identify them and move towards remediation when we think about productivity we want to think about how we can automate some of the workflows that's coming through and building orchestration so we have this information we can take it in and start assigning information to groups and grouping these these vulnerabilities into appropriate categories and then start kicking off workflows that can go and do some of the work for us and actually get us to a cleaner and more reduced attack surface than what we would have had prior to this finally when we think about this we want to think about what we're doing today and what we're seeing out in the market where individual security operators and security professionals are using tools like email and using text messaging and spreadsheets to manage these communications these communications are typically antiquated we still use them every day but they're antiquated in the context of addressing these vulnerabilities in a timely manner with accountability so what we do is we take this and connect our i-team security professionals together so we have a single platform for accountability and collaboration that provides for that action to be taken so we can see the benefits happening in real time all right so this is all all very good for the organization right but as a security professional i'm the one who's gonna have to do all this work right all this extra work so what's in it for me so there's a lot in it for the individual operator security professional the first thing i think of is what am i spending my day doing am i sitting and swiveling between multiple applications and sending out these emails and sending out these spreadsheets and these text messages in order to get that information back by using this i can free up some of my time because now i have a single system of action where i can go and take advantage of my time that's available to me and potentially learn to learn a new skill or go and read that technical white paper that i've been trying to read or even go and take that break that i've been trying to take when we think about what we're gaining out of using a new product we now have new skills that are being developed and we can become an expert at products like servicenow vulnerability response in general and using cloud application and when we think about this we want to think about how we translate this and largely we're looking at a digital transformation that's occurring in security and today when i think about this it's been quoted that by the year 2023 there's going to be a 7.4 trillion dollar investment made in digital transformation and this is going to require a deep set of skills and i'll now have those skills that can be applied and i can become that subject matter expert that can deliver this information and this brings us to the third key benefit of visibility now i'm providing my executives with the information that they need that can hold up to questions that are being asked by the c-level suite by board members by major shareholders and they're going to come back and have this data that's being provided by me and my team at their fingertips using me as a subject matter expert not just for my organization but across the industry that's very cool all right so i'm sold i'm convinced now you're going to show us how to actually do it how to get started right absolutely and servicenow makes it simple for our applications all that really needs to be done is to go in to your instance and activate the servicenow store application for a vulnerability response it's a simple matter as going through and clicking on this install button validating that all of the dependent applications are installed so all of these dependencies are there and then closing and reloading that form so that we have this application installed in one place that we can start using the product very cool and that's it really and then you're ready to get started and that's it that'll get you started and that'll move you right into using vulnerability response and provide that ability to take action all right so let me try to recapitulate here it's really a no-brainer right this vulnerability response application you need it to make your life better it will help your organization it will help your job and it will help your career it's available to you today and it's really easy to get started so joe before we close this meeting tell us what should our audience do right now so there's a few things that they can do first install the plug-in follow those instructions and install the plug-in and get this running in your environment the next thing go out and look at the vulnerability response tutorials that are available on the community talk to your partner if you have a partner in place talk to them and if you don't take advantage of the community and ask questions there's an entire community of individuals that are using servicenow vulnerability response that are more than willing to help and happy to offer their expertise all right well thank you very much joe for your time thank you all of you for listening and before we close this a couple of quick reminders again the slides that you just saw will be available in pdf format in the community forum and very much as what joe said vulnerability response experts and specialists are waiting for you 24 7 on the community forum to answer your questions and to help you be successful with the application and that's it for us today joe again thank you very much for your time thank you eric it was a pleasure being here and on behalf of everyone at servicenow goodbye and see you next time