Automating Vulnerability Management with Qualys VMDR & ServiceNow

With a growing number of cyber-attacks and the push to stay ahead of adversaries, the Vulnerability Management lifecycle has become necessary for ensuring enterprise-grade cyber resiliency.

For many organizations, there is a persistent challenge in supporting vulnerability assessment and remediation programs after implementation. Current solutions are far from set it and forget it. Supporting activities need re-validation and multiple follow-ups. Often, remediation involves extensive manual effort.

One reason is vulnerabilities are weaponizing faster than ever before. Defenses are often slower than actions by threat actors. For better and quicker remediation, security teams need to collaborate in establishing a shared context for operations and quickly aligning their tools, processes, and priorities to reduce risk on an ongoing basis.

Qualys VMDR with TruRisk^TM & ServiceNow

To overcome these new security challenges, Qualys introduced Vulnerability Management, Detection, and Response (VMDR) with TruRisk™. Since the initial release, customers across the globe have capitalized on the seamless integration with ITSM tools, such as ServiceNow. This integration enables organizations to bridge the IT-Security gap by detecting and prioritizing vulnerabilities and tracking and managing their remediation efficiently among all stakeholders within the organization.

Cross-team coordination makes the remediation of vulnerabilities more fluid and allows organizations to continuously improve their threat detection and remediation programs with better oversight. By quickly creating and assigning vulnerability tickets to the right owners, program leaders can monitor their progress until closure – all without relying on manual, spreadsheet-based workflows.

The Qualys VMDR app is certified by ServiceNow and listed in the ServiceNow Store, providing Qualys customers with access to automated change requests and the ability to orchestrate patch jobs in Qualys Patch Management module for seamless, zero-touch patching.

Here’s how it works:

Updates to Qualys VMDR & ServiceNow Integration

The Qualys VMDR App on ServiceNow has received a few key changes since its initial release. Version 2.0 of the app streamlines common vulnerability management workflows and fosters seamless collaboration between IT and security teams.

Here are few key highlights:

Deploy Patches with Qualys Patch Management Directly from ServiceNow Upon Approval

With strict SLA timelines to remediate vulnerabilities, it is important to act on the detected vulnerabilities and patch them to reduce the risk for your organization. Manual steps often cause delays, so a complete automated solution is needed to expedite the remediation process and address manual errors inadvertently caused by legacy processes.

Qualys VMDR app on ServiceNow now creates automatic change tickets to track the remediation actions for detected vulnerabilities. It also creates automated patch deployment jobs in Qualys Patch Management, which helps to reduce risk faster.

Managed Service Provider (MSP) Model Support – Domain Separation

The previous version of the Qualys VMDR App for ServiceNow was restricted to Qualys end customers, leaving Managed Service Providers (MSPs) unable to manage multiple subscriptions from a single account in ServiceNow. With the new update, support for Domain Separation has been added, allowing MSPs, Managed Security Services Providers (MSSPs) and Qualys Partners to take advantage of the solution.

Domain Separation separates data respectively between service providers, customers, partners, and sub-organizations.  This capability addresses legacy limitations in granting the right permissions to end users for using vulnerability data and respective tasks for remediation. Domain Separation also enables customizing business process definitions and user interfaces for each domain – a form of delegated administration.

Managed Service Providers use Domain Separation to keep customer data and processes separate on a shared ServiceNow instance. The MSP manages the instance and the environment for its customers, and each customer’s data is separated into its own domain, so one customer’s data is not visible to another customer.

Group Vulnerability Tasks into Fewer Tickets

To improve vulnerability task management, Qualys has introduced the concept of Vulnerability Task Groups, which allows the grouping of individual Vulnerability Tasks based on multiple parameters, such as operating system, severity, Qualys TruRisk scores, and more. This results in fewer, more organized tasks for IT teams to track and remediate, improving visibility and efficiency. The Vulnerability Task Groups support exception and false positive submissions, and may be configured through Detection Event Rules in the Qualys Core App.

Manage Exceptions                  

Considering the constantly evolving threat landscape and tight SLA deadlines for vulnerability remediation, exceptions may arise due to factors such as insufficient downtime, unavailability of patches, or incompatibility with updates. To address this, the VMDR App for ServiceNow now includes an Exception Management process, allowing customers to configure default assignment groups and assign approvers in the VMDR App.

The remediation owners can seek Exception/Risk Acceptance from VMDR Tasks/VMDR Task Groups. The operator selects the default approver assignment group by filling in the mandatory fields before seeking the exception.

The Exception Request could include three or four stages of approvers and can be approved/rejected by any of the assigned group members.

User roles are added to the application to support exception management and the approvers can view these from the Exceptions to approve/reject them.

When an exception request for a particular VMDR Tasks/VMDR Task Groups expires, then the respective task state will revert to Open State.

During the upcoming Scans/Rescans/Schedule Sync between Core App and Qualys, if the Vulnerability status is marked as Fixed, then the exception task state is changed to Closed.

Manage False Positives

A False Positive is observed by the remediation owners for a vulnerability that has already been remediated or leaves some of the open tracks that are recommended by the vendors for remediation.

The Default False Positive Assignment Group (the Vulnerability Scanning or the Security team), will be assigned to respective owners for further investigations.

The Remediation Owner will submit the required artifacts while initiating False Positive Requests. With the provided artifacts, the respective team can further investigate before approving/rejecting the event as False Positive (FP).

During the upcoming Scans/Rescans/Schedule Sync between Core App and Qualys, if the Vulnerability status is identified as Fixed, then the exception task state is changed to Closed.

Executive Reporting & Dashboarding

One of the key benefits of the Qualys VMDR App is that IT teams can now drive all their vulnerability reporting directly from ServiceNow.

The updated app provides dynamic dashboards with multiple groupings; these can be configured at each resolver group, and with multiple threat intelligence/other priority models, as seen below:

How to get Qualys VMDR for ServiceNow?

Customers with a Qualys VMDR with TruRisk^TM subscription can simply request the “Qualys VMDR” and “Qualys Core” App from the ServiceNow store. A Qualys representative will enable the app for VMDR subscription holders.

The User Guide linked below will guide you step-by-step to configure and operationalize the Qualys VMDR App for ServiceNow.

If you need assistance, please reach out to Qualys Customer Support or your Technical Account Manager for help with the configuration.

Get the Qualys VMDR App for ServiceNow

Register to the Qualys Web Event to Learn More

Put VMDR to the Test

Read More

• White Paper: Implementing Risk-Based Vulnerability Management
• How to Quickly Prioritize Risks with VMDR 2.0 and Orchestrate Response with CMDB & ITSM Integration 
• Close the Gap Between IT & Security with Our New App: Qualys VMDR for ITSM 
• Review the Qualys CMDB Sync App User Guide
• About CyberSecurity Asset Management (CSAM)