In recent years, the world has seen an alarming rise in cyber-attacks. According to the just released Verizon DBIR report, the rate of increase of ransomware attacks in 2021 was greater than its rate of increase in the last five years, combined. Malicious exploitation of vulnerabilities continues to be one of the top three attack vectors.
Enterprises both large and small need to step up and respond to threats faster than ever before. To do that effectively, IT and Security teams need to collaborate, establish a shared context for joint operations, and quickly align their tools, processes, and priorities to reduce risk.
But without automation, the siloed nature of IT and security teams makes collaborating to reduce risk easier said than done.
Vulnerability management teams continue to struggle with manual processes that rely on spreadsheets or passing PDF reports to IT teams to remediate and track the status of vulnerabilities. This process is inherently prone to errors and exposes organizations to unnecessary risks when critical vulnerabilities fall through the cracks.
On the other hand, IT teams are overwhelmed with a lengthy list of vulnerabilities to patch, without a clear understanding of what to patch first, how to track the status of remediation tasks, and how to ensure that service level agreements are not breached.
To address these challenges, both Security and IT teams need a solution that will seamlessly integrate with their respective toolsets and provide a shared context for vulnerability remediation. Ideally it would track the status of remediation tickets in a single coordinated view from investigation to resolution.
Introducing Qualys VMDR for ITSM
Qualys VMDR 2.0 helps organizations address these challenges by directly integrating with ITSM solutions such as ServiceNow ITSM. Qualys VMDR for ITSM is a new certified app available on the NOW Platform from the ServiceNow app store. Both Qualys VMDR for ITSM and the Qualys Core app are included with a Qualys VMDR 2.0 subscription.
Qualys VMDR for ITSM allows IT teams to import Qualys vulnerability findings (QIDs) directly into ServiceNow ITSM on-demand or scheduled based on pre-defined criteria, and then to create tickets, assign them to rightful owners or teams, and automatically close them out once vulnerabilities are remediated.
It also automatically matches the assets to the configuration item (CI) by default using ServiceNow’s Identification and Reconciliation engine (IRE).
Qualys VMDR: Get Started wth a 30-day Free trial
Here’s how it works:
Our ServiceNow integration consists of two apps: Qualys Core and Qualys VMDR for ITSM. Qualys Core is responsible for setting up the foundational components for Qualys VMDR for ITSM to work. For example, it can be used to set connector configuration, import schedules, database tables, assignment rules, ticket creation rules, and more.
Let’s review each of these features in more detail.
The first step of the process is to configure your Qualys subscription in the ServiceNow app.
Qualys Core supports multiple Qualys VMDR subscriptions to import findings into Qualys VMDR for ITSM.
Automatically Import Vulnerability Findings
Your organization can decide what detections to import. By default, you can import all findings, but if needed you can import findings for specific asset groups or even vulnerability severity.
Create Tickets based on a Criteria
Once the data is imported, your organization can decide for which findings to create tickets or tasks. By default, these tasks are created in the vulnerability task table. But this can be easily changed to an incident task or even change request task if it is a Qualys patchable vulnerability.
Qualys VMDR for ITSM imports all the rich metadata with which Qualys customers are familiar from Qualys VMDR, which in turn allows for creating fine-grained ticketing rules.
As shown in the detailed screenshot below, you can decide to create tickets based on vulnerability type, asset tags, RTI’s, and even Qualys Risk Scores.
Assign to the Rightful Owner/Teams
Once the tickets are created, the most crucial step is to ensure that they are assigned to the rightful owner or team so that vulnerability remediation tasks do not fall through the cracks. Qualys ensures that all are tracked and remediated. This is easily accomplished by leveraging Qualys meta data such as operating system, host asset tags, or any other attribute made available by Qualys to route it to the correct team.
As shown in the example below, if the operating system is Windows, the ticket is rightly assigned to the Windows team.
View Vulnerability Tasks
Set it and forget it! Once the app is correctly configured, tickets will be created with rich information from Qualys vulnerability findings including solution text so that IT teams can get to work quickly.
Accurately Identify Configuration Item
Qualys VMDR for ITSM automatically matches the vulnerability findings to the correct Configuration Item (CI) by using ServiceNow’s Identification and Reconciliation engine (IRE). The CI matching is greatly enhanced with the optional Qualys CMDB Sync app available on the ServiceNow store.
If the asset is not found, it is moved to the unmatched bucket. We realize CIs are sacred to most organizations. We therefore do not create CIs for unmatched items, but simply provide workflows to move unmatched CIs to matched CIs.
Executive Reporting & Dashboarding
One of the key benefits of Qualys VMDR for ITSM is that IT teams can now drive all their vulnerability reporting directly from ServiceNow ITSM.
Shown below are examples of dynamic dashboards, that can be further configured for multiple assignment group, threats, risks and assets to give a holistic view about vulnerabiliy management and remediation can be effectively mesuared for respective assignment groups.
Track Service Level Agreements
Vulnerability tasks created for respective IT teams can be tracked by SLA. Custom SLAs can be defined for open vulnerabilities based on multiple factors such as Qualys real-time threat indicators (RTIs), asset criticality, risk, and many such factors.
You can configure based on Asset Risk Score and Asset Critical Score, as shown above.
An SLA can be governed for respective resolver groups, to effectively track the remediation process and timelines for each group, as shown below.
Automatically Close Tickets
Open vulnerability tasks are automatically set to be closed once the finding is confirmed to be fixed by Qualys VMDR.
The Rescan feature can be used by respective IT teams to validate and measure the impact of patching by selecting the option profile and scanner selection from the vulnerability task. The Rescan feature is limited to IP tracked hosts only and multiple vulnerability tasks/devices can be included as part of a rescan.
How to get Qualys VMDR for ITSM
To get Qualys VMDR for ITSM and Qualys Core, simply request the app from the ServiceNow store. Once approved, you will be contacted by a Qualys representative who will enable the app with your Qualys VMDR 2.0 subscription.
Qualys is an industry leader in vulnerability management precisely because we improve end-to-end processes from discovery to prioritization to remediation… and now remediation tracking.
Qualys VMDR for ITSM is the initial release of this new app which covers some of the key use cases as requested by our customers. We will continue to improve this critical integration with popular ITSM systems like ServiceNow, and plan to support more use cases such as vulnerability grouping and exception management in future releases of the app.