Know our customer
The client is a huge pharmaceutical biotech company with various centers established across the United States. The client was using ServiceNow for Security + Operations (SecOps) and wanted to automate the workflow while increasing efficiency.
Business challenge
- The client had worked with a partner already to configure and customize their Vulnerability Response Applications and Security Incident Response but their requirements weren’t met.
- The Security Incident Response had several customizations and thus caused malfunctions in their reporting.
- They wanted to fix the malfunctions and add enhancements to reporting, Performance Analytics and importing Threat Intelligence feeds.
- The client’s team were creating the trending reports manually and wanted to automate the process and save resources.
- They wanted to revert their Security Incident Response Application to the out-of-the-box solution, reinstate the Vulnerability Response Application as they had stopped using it and leverage Automation Analytics and Reporting for improving their workflows.
- The CMDB data were overwritten due to misconfigured customization and thus the IT agents were overwhelmed with hundreds of tickets assigned incorrectly.
- They were using basic ITIL tickets to assign vulnerability tickets to the IT teams and it was an entirely manual task with no tracking of metrics, time-consuming and inefficient.
Continue Reading
How AVASOFT helped?
- We worked closely with the client’s team to develop an effective solution that would have a lasting impact standing the test of time.
- We scheduled daily scrum calls, weekly demos and meetings, and knowledge transfer sessions with their team to make everything clear.
- We designed, proposed and implemented Security Incident Response with a centralized view of performance while configuring the Performance Analytics for collecting the average time to respond, identify and resolve tickets.
- To automate threat lookups, we integrated Virus Total and imported Threat Intelligence Feeds to link threats to security incidents.
- We added a Security Incident Catalog to the client’s service portal to get potential Security Incident Reports from the users.
- We also configured the post-incident review for Critical Security Incidents.
- To streamline vulnerability response, we integrated Qualys with ServiceNow, to import vulnerabilities in the company’s Now platform.
- Vulnerability calculators were installed to automatically attach risk ratings for each vulnerability ticket to the appropriate remediation team.
- To automatically defer and close vulnerabilities, business rules were put in place based on the specific criteria.
- We also implemented a catalog item on the service portal for enabling the users to manually request a Vulnerability Scan if needed.
- We configured Performance Analytics to record important data such as average time to remediate any issue, open critical vulnerabilities by assigned group, number of critical vulnerabilities and number of open and closed tickets on monthly basis.
Tech stack
- Qualys
Business gain
- We saved our client’s hours of manual work per week with our solution of replacing the manual collection of trending reports with an Automated Performance Reporting for Security Incident Response.
- The team was able to access Performance Analytics on their dashboard with just a few simple clicks.
- The company’s productivity increased with the integration of Qualys with ServiceNow.
- They no longer have to search for Vulnerability Response manually and thus saved a lot of time.
- As the ticket generation and closing became automated, the IT staff saved up to 15 hours a week.
Additional benefits
- The client was very happy with our services and engaged in additional services to implement ServiceNow Governance, Risk, and Compliance (GRC).
