As customers increasingly recognize the value of vulnerability response, Tenable and ServiceNow are delivering market-leading vulnerability insights and greater flexibility to help IT and security teams prioritize critical risks for remediation.
Closing the remediation gap remains a key challenge for today’s security organizations. The typical enterprise attack surface is expanding in scope and constantly targeted with a growing number of vulnerabilities that threaten the security of critical business assets. Security and IT teams must not only be aligned in their workflows, but also possess the data to prioritize vulnerabilities based on business context when deciding which vulnerabilities to remediate first.
The name of the game isn’t remediating all vulnerabilities – it's about reducing risk by prioritizing the most critical items to patch first through orchestration and automation. However, the majority of security leaders (53%) still feel they lack the technologies, processes and data to accurately predict the likelihood of a cybersecurity threat impacting the business.1 As many as 60% of organizations said that at least one recent data breach occurred because a patch was available for a known vulnerability but was not applied.2 These data points show that security programs struggle with staffing and resource constraints when deciding where to focus their remediation efforts.
How vulnerability insights help security teams respond with precision
In recent years, Tenable and ServiceNow® Security Operations have been working together to bring common visibility to organizations by automatically discovering IT, cloud and IoT assets and displaying that information through the Vulnerability Response (VR) dashboard. This partnership enables customers to continually assess their systems for vulnerabilities, correlate vulnerabilities with the asset’s business criticality and prioritize remediation based on this data to accelerate closed-loop remediation.
Through our existing Tenable for Vulnerability Response app, customers can leverage all of Tenable’s proprietary threat intelligence, including our Vulnerability Priority Rating (VPR) which combines metrics such as vulnerability age, threat intensity and exploit maturity to reflect the risk posed by a given vulnerability and its likelihood of being exploited by attackers.
This integration, built and managed by Tenable, continues to support hundreds of customers and remains available for ServiceNow customers to leverage the power of our vulnerability insights in their IT and remediation workflows.
New option for ServiceNow integration provides greater flexibility
Given the growing interest for vulnerability response, Tenable and ServiceNow are offering an additional option for integrating Tenable’s data feeds into ServiceNow Vulnerability Response. The new application, Vulnerability Response for Tenable, developed and supported by ServiceNow, was built using ServiceNow best practices and validated by Tenable to meet complex customer requirements. The app provides our joint customers with a new option to establish and manage their security-IT workflows, while ensuring they still have the insights they need to execute on a risk-based approach to vulnerability management. It will be available November 19, 2020.
Watch this space
We are excited to offer this additional option to new customers as they evaluate which application best fits their workflows and organizational needs. Existing customers who are currently using the Tenable-built Vulnerability Response integration will likely benefit from maintaining their current implementation and are advised to reach out to both their Tenable and ServiceNow account contacts for guidelines or with any questions.
With this “better together” approach, Tenable and ServiceNow continue to help secure the most complex security programs across virtually every industry around the world. We’re dedicated to working together to continue serving our customers today and meeting evolving security needs in the future.
1. "The Rise of the Business-Aligned Security Executive," a commissioned study conducted by Forrester Consulting on behalf of Tenable, August 2020
2. "Costs and Consequences of Gaps in Vulnerability Response," an independent survey conducted by Ponemon Institute LLC on behalf of ServiceNow, October 2019
ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries.