Systematically Harden the Digital Attack Surface (Washington DC Release)
Greetings. Today we'll be looking at how ServiceNow helps security teams work with teams across the enterprise to systematically harden the digital attack surface. Organizations face vulnerabilities in the tens and hundreds of millions in an ever-expanding attack surface. The Log4j vulnerabilities of 2021 showed us that response teams need to be ready for emergency exposures in high volumes across different attack surfaces. ServiceNow Vulnerability Response helps security and IT teams work with this data at scale, making it easy to find what matters and act on vulnerabilities in bulk, maximizing efficiency.
The Vulnerability Manager Workspace allows security teams to visualize their vulnerability and misconfiguration data across the entire attack surface: cloud, application and infrastructure assets, in a single pane of glass. Watch topics make it easy to track what's important among hundreds of millions of data points and visualize your exposure to new and emerging threats. Watch topics highlight the types of vulnerabilities, misconfigurations and assets that are most important to your organization. Security teams can set up sophisticated watch topics that they can use to monitor specific categories of vulnerabilities, such as the Log4j vulnerabilities shown here, but they will also use watch topics to monitor their pipelines of remediation work across different attack surfaces and on different remediation timelines. Here we see an example of a watch topic used to monitor the container vulnerabilities for the financial application services team.
Vulnerability analysts can even use Software Asset Management data in the Now Platform to respond to zero-day vulnerabilities faster than ever before. The Vulnerability Manager Workspace allows you to assess exposure to new critical vulnerabilities based on installed software data from your CMDB. This can help you get ahead of exploit attempts and initiate remediation on exposed assets even before scan definitions are available from security vendors.
When the security team is ready to act on a slice of vulnerabilities, they can initiate remediation work in bulk across a whole watch topic by creating a remediation effort. The work will automatically be divided into remediation tasks and assigned to the appropriate stakeholders in IT remediation groups. Remediation efforts and tasks help us organize vulnerability data into easily managed chunks so that IT teams can quickly and efficiently target and remediate the most critical vulnerabilities that slip through patching processes.
From the IT Remediation Workspace here, our remediation owner can work on fixing these vulnerabilities within their remediation target across every asset and every attack surface. Vulnerabilities are correlated with solutions and patch schedule information so that IT owners can focus on which solutions still remain to deploy on which devices. With automated patch orchestration integrations with HCL BigFix and Microsoft SCCM, IT owners can see the deployment details of patches. If they are ready to deploy to their device collection, they can schedule the patch directly from ServiceNow. If they are ready to fix the vulnerabilities in this remediation task, the IT remediation owner can create a change request at the click of a button. Change requests can be created easily and accurately from here using your organization's standard change templates and customized change management workflows. Note that information about the vulnerable assets and how to fix the vulnerability is pre-populated into the change request if available. This integration is bidirectional, so when the change has been implemented, the vulnerability group and its vulnerable items will be marked as resolved and await confirmation from the next scan.
But how do security teams and IT remediation owners know what to work on first? Using threat intelligence, third-party risk evidence and the business context available in the Now Platform, Vulnerability Response provides true risk-based vulnerability management tailored to your enterprise. ServiceNow can act as a calculator of calculators, pulling in information from all sources and providing a 1 to 100 score of cumulative risk. Simple GUI-based calculators can be used or, if desired, precise logic can be supplied in JavaScript. Any changes in the GUI version are automatically previewed against local data sets below and can be reapplied on demand. For instance, we can change the weight of the input criteria to prioritize vulnerabilities with an available exploit on internet-facing CIs that support a business-critical service. We can even incorporate third-party sources into risk score calculations, like the Tenable calculators seen here.
To get vulnerabilities to the right owners, scan findings are automatically assigned to groups or individuals based on rules. Assignment rules can be tailored to your needs using any data available in ServiceNow to determine the best remediation owner for a vulnerability. These remediation tasks have been automatically assigned to the best groups, but sometimes vulnerability ownership is too complex for rules. When a vulnerable item is unassigned or incorrectly assigned, we can use machine learning Predictive Intelligence to provide assignment recommendations in bulk.
But to fix the vulnerability, security and IT teams need more information than a CVE ID and risk score. They need to know what solutions are available, what other software could be exposed, and references to common knowledge from multiple sources. ServiceNow stores a library of CVE entries from the NVD alongside third-party vulnerability definitions, reference information and a list of vulnerable software to be presented with your scanner results. This is what the Log4j vulnerabilities would have looked like to an investigating analyst. Threat intel integrations help us understand what is happening with this vulnerability in the wild: is there an exploit kit for it? Is it being exploited often? Solution integrations with Microsoft and Red Hat show the available patches and fixes and which solution is preferred for each item. This provides remediation instructions to teams without the need to search, whether it's applying a patch or something like changing a setting.
Vulnerability Response is the control tower of defensive security across the entire attack surface, extending your response automation across application security and container vulnerabilities in cloud-native applications. Application security testing scanners like Snyk can be integrated to remediate security flaws in your in-house applications. You can even perform penetration testing assessments on applications and capture the findings right next to the vulnerabilities found by automated scans. Alongside all your vulnerability data, you can contextualize the security of your cloud and infrastructure assets with configuration test results showing compliance across cloud and infrastructure assets. And since your risk and compliance managers already work in ServiceNow, they can see the impact of all this security data in their high-level controls and policies compliance scores.
Finally, ServiceNow also acts as a hub for your software bill of materials. You can import SBOMs automatically via API or manually upload an SBOM. This allows you to keep a master repository of SBOMs from in-house and commercially off-the-shelf applications and automatically create vulnerabilities when an insecure component is identified.
With all your security information in the Now Platform, you can see high-level insights driven by data from the entire attack surface. The unified dashboard is available by default and features interactive widgets with real-time data. Data from vulnerabilities and misconfigurations on container, application, cloud and infrastructure assets are used to calculate an overall organization security score. This helps show actionable insights into your security posture, like the prevalence of the asset types, known exploitable vulnerabilities and cloud compliance by provider.
Finally, it's easy to integrate your security tooling with ServiceNow. We offer integrations with vulnerability scanners such as Tenable.sc, Qualys, Rapid7, Microsoft Defender, Prisma Cloud and Prisma Cloud Compute, Veracode, Snyk, Fortify on Demand and many more, as well as vulnerability threat intelligence solutions for enrichment such as Recorded Future, iDefense, Shodan and Exploit-DB. All these and more are available to install with a few clicks from the ServiceNow Store, alongside many more certified applications offered by third-party partners.
Today we've seen how ServiceNow Vulnerability Response can systematically harden across the entire digital attack surface by visualizing exposure, automating response processes, improving prioritization with integrated threat analysis and business impact triage, enhancing collaboration between security and IT, and providing the big-picture analytics necessary to surface actionable insights. Thanks for watching. Okay.
https://www.youtube.com/watch?v=_uESNHjupc0