Building the Foundation for Effective Security and IT Operations – XM Cyber and ServiceNow
XM Cyber and ServiceNow are coming together to integrate the leading continuous exposure management platform with the leading workflow automation platform. We’re excited about this collaboration that gives organizations the ability to build and support more efficient remediation programs. In this blog, we’ll discuss how IT and Security leaders can more effectively mobilize their teams, align resources, and deliver better business outcomes with these new integrations.
Before: Struggling to Address the Growing Volume of Cyber Risks
Security and IT leaders must contend with protecting increasingly complex digital environments. And despite having ServiceNow’s Configuration Management Database (CMDB), IT Service Management (ITSM), Vulnerability Response (VR), or Security Incident Response (SIR), organizations are still overwhelmed by a flood of vulnerabilities and exposures which can’t be addressed fast enough. Prioritizing these risks is a significant challenge and traditional approaches continue to rely on severity in the wild, without considering the context of their impact on your most critical assets.
This leads to misallocated resources, slower remediation times, and an increased risk of attack, as critical vulnerabilities remain unaddressed. This vulnerability-centric focus also ignores broader exposures such as misconfigurations, and identity and access exposures.
So how can organizations focus their security efforts where they will have the greatest impact?
The Turning Point: XM Cyber and ServiceNow Integration
To address these challenges, XM Cyber’s Continuous Exposure Management (CEM) platform now integrates with ServiceNow’s VR, CMDB, ITSM, and SIR solutions. These integrations change the game for vulnerability management by shifting the focus to the critical exposures that put an organization’s most valuable business assets at risk. By combining XM Attack Graph Analysis™ and risk prioritization with ServiceNow’s workflows and automation, Security and IT teams can effectively manage and remediate exposures based on true impact to the business.
After: Focusing on What Matters Most
The integration of XM Cyber and ServiceNow offers a new approach to Exposure Management, one that prioritizes exposures contextually, based on their risk and impact to your critical business assets.
Here’s how this bidirectional information flow between the two platforms delivers more accurate prioritization, validation, and remediation; XM Cyber provides asset criticality metadata to Now CMDB, including asset security and risk metrics. The Now CMDB enriches XM Cyber with asset business context to speed scoping and boost accuracy.
XM Cyber Continuous Exposure Management (CEM) leverages the business context of critical assets and the attack graph to assess the impact and the exploitability of exposures discovered across on-prem and cloud environments.
The attack graph identifies entities that are intersections of multiple attack paths with high risk to critical assets (choke points), and prioritizes them for remediation. The prioritization score and remediation context are sent to ServiceNow VR and SIR to ensure that the high-risk, high-ROI exposures are fixed first, to maximize remediation effectiveness.
“As a leader in a company that’s focused on efficiency, I’m always seeking improvements to our processes,” said Boris Eisengräber, Group CISO, Head of Schwarz IT Cyber Security. “By visualizing the prioritization from XM Cyber in your ServiceNow Vulnerability Response you are able to immediately and confidently leverage its unique attack graph context to identify the vulnerabilities that must be fixed first and reduce the noise of vulnerabilities with less potential impact to your environment.”
Benefits of the XM Cyber and ServiceNow Integration
Identification and Remediation of the Greatest Risks – XM Cyber uses XM Attack Graph Analysis™ to identify choke points in an organization’s network—those entities that, when remediated, break multiple attack paths. Instead of simply relying on CVSS in isolation, this integration prioritizes which vulnerabilities present the most risk to critical systems. The focus shifts from addressing every alert to strategically remediating vulnerabilities that matter most in the Now VR platform.
Streamlined Remediation via ITSM: By linking XM Cyber into ServiceNow’s ITSM workflows, exposure remediation becomes more efficient, less error-prone, and easier to measure for efficacy. Security teams can push exposures from XM Cyber into Now workflows and this linkage provides justification of urgency based on risk context, as well as remediation guidance and alternatives. This ensures Security and IT alignment so that remediation resources can focus on addressing the most significant vulnerabilities first. This integration reduces manual processes and enables organizations to resolve issues faster, minimizing the window of opportunity for attackers.
Comprehensive Exposure Response with SIR: Vulnerabilities are only part of the risk to business operations. Non-CVEs such as Active Directory issues, credential issues, and misconfigurations represent a significant risk to critical assets and make up part of an overall attack path. XM Cyber enables SIR teams to extend remediation programs effectiveness beyond vulnerabilities to these non-CVEs. This coverage extends to the hybrid environment where on-prem and multi-cloud exposures can further challenge security programs.
Prevention of High-Impact Attacks: This proactive and coordinated approach to Exposure Management means teams can address the biggest risks to the business before an incident. By reprioritizing to address choke points, validated exposures, and exposures that put critical assets at risk, security teams can demonstrably reduce risk.
Increased Remediation Efficiency: By automating workflows and using contextual risk data specific to your business to prioritize exposures, organizations can reduce the remediation deficit and the burden on security teams. Rather than address issues with minimal impact on risk reduction, Security and IT can focus on the risks to critical assets and services.
Improved Collaboration Between IT and Security: IT and security teams can work together seamlessly, with all data centralized within ServiceNow, ensuring that both teams have access to the same risk and vulnerability information and priorities.
Conclusion – A New Approach for Security Leaders
It’s clear that traditional approaches to vulnerability management are no longer enough. Adopting a proactive prioritization strategy enables teams to focus on the greatest risks, rather than being overwhelmed by endless vulnerabilities.
The integration of XM Cyber’s Continuous Exposure Management platform with ServiceNow workflows enables Security and IT teams to prioritize and remediate exposures more efficiently and effectively. By leveraging contextual insights specific to your business and automation, organizations can dramatically reduce risk, enhance exposure management, and ensure that their most critical assets are always protected.
This new approach to managing cybersecurity threats allows businesses to become more agile, efficient, and resilient in the face of sophisticated attacks. Embracing this model protects their organizations and drives better outcomes.
Author: Bill Bradley
See original article here