Powering ServiceNow Vulnerability Response with Complete and Accurate Data for All Devices
2023-10-12 00:46:49 Author: securityboulevard.com

Overview

Enterprises are a complex mix of devices, applications, and data, and the speed at which they are changing is growing exponentially. Look just about anywhere in the modern technology estate and you’re bound to find connected devices that either didn’t exist or weren’t designed to connect to the network even five years ago. Modernization and digital transformation are major factors that have driven the demand to connect more things to networks in an effort to collect and exchange data and enable new services. And as innovation continues apace, we can expect to see further escalation in the numbers and kinds of devices that connect to the network.

With all the benefits of connected devices comes a slew of new challenges when it comes to managing and securing them, especially when you consider that many operate undetected by IT operations. Ordr’s own analysis of environments in which our technology has been deployed shows that as many as 15% of devices discovered were previously unknown by the enterprise. That is a significant visibility gap that equates to a significant risk gap. As we hear over and over again from CISOs, “I can’t protect what I can’t see, but I’m still responsible for it.”

One Big Challenge

What can IT and security leaders do to meet the challenges and keep their enterprises safe from cyberthreats? Automation is key to keeping pace with the speed of growth and change because automation helps organizations scale and keep up with demands. The key is not just in maintaining scale, however, but in collecting and analyzing quality data in real time. This is especially true when it comes to security. Without complete and accurate data, automation is arguably useless. Rather than paving the way to precise and timely action, bad data creates speed bumps and even roadblocks that require manual verification and thus impede rapid decision making.

“I can’t protect what I can’t see, but I’m still responsible for it.” – Every CISO, Every Enterprise

One big challenge to ingesting accurate, timely data is in discovering and keeping track of everything that’s connected to the network. In a self-serve IT paradigm, many devices connect outside the view of IT management. Many devices are not capable of being monitored and managed with traditional methods such as active scanning and agents. Sometimes devices can get lost when changes or updates render their agents obsolete or ineffective. And as organizations grow, these issues compound.

Legacy monitoring and tools are not designed to meet today’s challenges because you can’t take advantage of automation if you can’t trust your data. Therefore, it is essential to acquire the means to see, know, and secure every connected device, collect the data associated with each device’s operations, and use that data to generate the security and operational intelligence needed to maintain fast, safe, and efficient operations.


How Ordr Helps

IT and security leaders require a purpose-built tool to ensure they have the complete and accurate operational data they need to fill in the blanks left by legacy tools that depend on agents or active scanning. This all starts with the ability to discover the millions of unmanageable network-connected devices in operation in today’s industrial, medical, retail, financial, and other environments. That’s where Ordr comes into play. The Ordr Connected Device Security Platform is engineered to automatically discover, identify, classify, and monitor every device connected to the network, identify its vulnerabilities, and assess its risk. Here’s how.

Connected device discovery starts by analyzing network traffic. If it connects to the network, Ordr will find it, and once we do, we keep it in view. But it’s not enough to simply know a device is there. You need to know what it is, going beyond merely collecting its MAC and IP address to gain detailed information about the device, the role it plays, and how it is expected to operate under normal conditions to deliver services. Ordr maintains an extensive library of millions of different device types–the Ordr Data Lake–with detailed information on each. That information includes deep insights into known vulnerabilities, FDA recalls, and other data critical to understanding the device’s risk profile and to recognizing when conditions change that put the device and the enterprise in danger of exploitation.

The value of the information Ordr has in the Ordr Data Lake, and that we collect from devices in real-time, is maximized by our extensive list of technology integrations that enable bi-directional data feeds to support other critical security and operational functions. That includes our tight integration with ServiceNow’s Service Graph Connector, configuration management database (CMDB), IT service management (ITSM), and our latest integration with Vulnerability Response. The real-time operational data we collect is used to populate the ServiceNow CMDB and enable workflows in ITSM and Vulnerability Response platforms to ensure the most accurate IT operations automations possible. And from a cybersecurity perspective, maintaining a closed loop of data flow with ServiceNow Vulnerability Response ensures an organization’s security team maintains visibility and status of the attack surface, including any vulnerabilities associated with devices operating in the network.

Closing Visibility Gaps

The bidirectional Vulnerability Response Integration with Ordr, certified by ServiceNow Engineering and available in the ServiceNow Store, closes visibility gaps and provides vulnerability insights for all connected devices including those not supported by endpoint agents or active scanning. Using passive methods, Ordr collects operating system and software details, and vulnerability details including severity for all devices. This information is sent to ServiceNow Vulnerability Response so teams can leverage accurate data to optimize and accelerate vulnerability management tasks and reduce risk.

Combined with Ordr-collected device context and vulnerability data from multiple industry and threat intelligence sources, the Ordr-ServiceNow integration delivers a complete, rich, and single view of device vulnerabilities and risk, while providing the data needed to automate dynamic policy creation and efficient enforcement of mitigations as well as rapid incident response actions. Here’s how it works:

  • Ordr automatically identifies and gathers granular details including vulnerabilities for every managed and unmanaged device connected to the network.
  • Ordr uses passive methods and does not impact device services to identify every device and collect granular details including vulnerability information for every connected device.
  • Ordr Software Inventory Collector gathers details of applications and application patch levels for all devices, including unmanaged devices.
  • ServiceNow Vulnerability Response pulls vulnerability information from Ordr for all managed and unmanaged devices.
  • Vulnerability status is maintained across both platforms leveraging bidirectional integration.

This complements other Ordr integrations with ServiceNow to provide ServiceNow customers with comprehensive and accurate details of all managed and unmanaged devices in their environment to enable organizations to take full advantage of ServiceNow automation and orchestration capabilities.

  • ServiceNow Service Graph Connector – to enable the exchange of granular and accurate device data at scale between the Ordr and ServiceNow platforms.
  • ServiceNow CMDB – for a centralized, comprehensive, accurate, and up-to-date asset inventory.
  • ServiceNow ITSM – to enrich and accelerate IT workflows with accurate and up-to-date asset details.

ServiceNow VR + Ordr Means Less Risk

Because the Ordr integration with ServiceNow Vulnerability Response enables organizations to fill in visibility gaps with comprehensive device vulnerability details and combine device data from multiple sources, enterprises are safer from threat actors actively working to exploit weaknesses in enterprise security. And because we use passive methods, device performance is not affected, meaning even an organization’s most sensitive and critical devices are protected with no impact to services or patient safety.

To learn more about Ordr’s integration with ServiceNow Vulnerability Response, Service Graph Connector, CMDB, and ITSM solutions, check out ServiceNow on our partners page.

*** This is a Security Bloggers Network syndicated blog from Ordr Blog - Ordr authored by Chris Westphal. Read the original post at: https://ordr.net/blog/powering-servicenow-vulnerability-response-with-complete-and-accurate-data-for-all-devices/


Article source: https://securityboulevard.com/2023/10/powering-servicenow-vulnerability-response-with-complete-and-accurate-data-for-all-devices/