When your network is attacked, typical questions include “how do we determine our
risk exposure?” and, more importantly, “how do we determine which systems to address
first?”
In early 2018, two critical vulnerabilities were disclosed: Meltdown and
Spectre.
Figure 1. Prioritize high-profile vulnerabilities
Malicious programs can exploit Meltdown and Spectre to get access to secrets stored in the
memory of other running programs. Nearly three billion systems globally were potentially affected
by the vulnerabilities, and both hardware and software providers scrambled to get patches into the
hands of their customers.
Ranking threats using scanned data in Vulnerability Response
Depending on the third-party integration you use, vulnerability data is scanned and imported into the
Vulnerability Response application using APIs. It is then matched against your assets in the
ServiceNow Configuration Management Database (CMDB). The resulting vulnerable items are assigned a
risk score based on multiple factors, including the severity of the vulnerability and the importance
of the affected asset.
Figure 2. Risk score
The risk score is configurable and provides quick prioritization. All information about the
vulnerability (for example, what it is, how it was exploited, and how to remediate the threat)
is automatically pulled into Vulnerability Response from the National
Vulnerability Database (NVD), eliminating the need for manual research. The solution’s
configurable dashboards instantly show your organization’s overall vulnerability exposure.
Figure 3. VR Dashboard
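The match-then-score flow described above, sketched as an added example (not ServiceNow code and not the product's actual calculator). The weights, the 1-4 criticality scale, the 0-100 score range, the host names and the `VULN-A`/`VULN-B` placeholder ids are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed, configurable weights (not ServiceNow's calculator): share of the
# score driven by vulnerability severity vs. importance of the affected asset.
WEIGHTS = {"severity": 0.6, "criticality": 0.4}

# Constructed CMDB extract: asset -> business criticality (1 = most, 4 = least).
CMDB = {"pay-db-01": 1, "hr-web-02": 2, "dev-build-07": 4}

# Constructed scanner import: (host, placeholder vulnerability id, CVSS base score).
SCAN = [
    ("dev-build-07", "VULN-A", 9.8),
    ("pay-db-01", "VULN-B", 7.5),
    ("hr-web-02", "VULN-A", 9.8),
    ("lab-unknown-99", "VULN-B", 7.5),  # scanned host with no CMDB record
]

@dataclass
class VulnerableItem:
    host: str
    vuln: str
    score: int  # 0-100, higher = remediate sooner

def risk_score(cvss, criticality, weights=WEIGHTS):
    """Blend normalized severity and asset importance into a 0-100 score."""
    severity = cvss / 10.0
    importance = (5 - criticality) / 4.0  # criticality 1 -> 1.0, 4 -> 0.25
    blended = weights["severity"] * severity + weights["criticality"] * importance
    return round(100 * blended)

def prioritize(scan, cmdb, weights=WEIGHTS):
    """Match findings to assets, score them, and return (ranked, unmatched)."""
    ranked, unmatched = [], []
    for host, vuln, cvss in scan:
        if host not in cmdb:
            # No asset record means no importance rating: surface it for
            # inventory review instead of silently dropping the finding.
            unmatched.append(host)
            continue
        ranked.append(VulnerableItem(host, vuln, risk_score(cvss, cmdb[host], weights)))
    ranked.sort(key=lambda item: item.score, reverse=True)
    return ranked, unmatched

if __name__ == "__main__":
    ranked, unmatched = prioritize(SCAN, CMDB)
    for item in ranked:
        print(f"{item.score:3d}  {item.host:14s} {item.vuln}")
    print("unmatched:", unmatched)
```

With these sample values the 9.8-severity finding on the low-importance build host ranks last, below a 7.5-severity finding on the payment database, which is the difference between severity-only and risk-based ordering.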
Automating the next steps
After you have identified and prioritized the most critical vulnerable items, Security Operations workflows automate several
of the next steps.
Figure 4. State encoding workflow
For business-critical vulnerable items, requests to approve automatic patching are sent
and the appropriate owners are notified. This eliminates the need to search for the on-call
analyst or manually decide which items count as “critical.”
Upon approval and completion of the patch, a second scan is automatically run to verify the
fix. Using prioritization, workflows, and automation, the most critical items are addressed
first.