Patch Smarter with Vulnerability Response

Vulnerabilities don’t often get the same amount of notice as phishing attacks or advanced persistent threats, but when a critical vulnerability is exploited, organizations can suffer major damage. The WannaCry ransomware attack targeted organizations around the world by exploiting an existing vulnerability. More than 230,000 unpatched systems were infected, even though the patch had been available for nearly two months before the launch of WannaCry.

Despite the availability of patches, organizations continue to struggle to update systems quickly.

On average, it takes security teams 17 days to remediate a critical or high priority vulnerability and 125 days to remediate a medium or low priority one, according to a ServiceNow and Ponemon Institute survey of nearly 3,000 security professionals published in April: “Today’s State of Vulnerability Response: Patch Work Demands Attention.” That’s anywhere from two weeks to four months in which organizations are (sometimes knowingly) leaving themselves vulnerable.

There are many reasons for this lag. Organizations are overwhelmed by the volume of patches to be applied. They are often backlogged by thousands of patches, many of which may never be mitigated. And they lack the ability to prioritize which systems should be patched first. In short, patching is hard.

But the inability to patch quickly can be costly. Data breaches cost an average of $148 per lost or stolen record according to The Ponemon Institute’s 2018 Cost of a Data Breach study. The average total cost of a data breach is $3.86 million, up from $3.50 million in 2014 – an increase of nearly 10% over the past five years.

Not all vulnerabilities are created equal. Let’s look at how organizations can shrink the time to patch in difference scenarios.

Critical or high priority vulnerabilities

Many organizations struggle with coordination between security and IT to manage prioritization and patching. When vulnerability response is handled via spreadsheets and email, it’s hard to get up-to-date visibility on the organization’s current risk exposure.

ServiceNow’s survey found that 61% say that manual processes put them at a disadvantage when patching vulnerabilities. In fact, security teams lost an average of 12 days per vulnerability manually coordinating patching activities across teams. Twelve days represents a reduction of the exposure window by 70% for critical or high priority vulnerabilities.

ServiceNow offers Vulnerability Response, an application to help organizations respond faster and more efficiently to vulnerabilities, connect security and IT teams, and provide real-time visibility. It connects the workflow and automation capabilities of the Now Platform™ with vulnerability scan data from leading vendors to give your teams a single platform for response that can be shared between security and IT.

Medium or low priority vulnerabilities

With so many patches to apply, lower severity vulnerabilities are often overlooked or intentionally ignored. As previously mentioned, it takes organizations 125 days to remediate medium or low priority vulnerabilities. Hackers understand this, making systems affected by lower level vulnerabilities soft targets.

The challenge here is understanding the criticality of the system being affected. For example, remediating a medium priority vulnerability on a system containing customer payment data should be prioritized over remediating the same vulnerability on a system containing your office’s lunch menu. But organizations lack the vulnerability to tell the difference.

ServiceNow Vulnerability Response provides a comprehensive view of all vulnerabilities affecting a given asset or service through integration with ServiceNow Configuration Management Database (CMDB), as well as the current state of all vulnerabilities affecting the organization. When used with the CMDB, Vulnerability Response can prioritize vulnerable assets by impact so teams can focus on what is most critical to your business.

With better visibility and prioritization, organizations can respond more efficiently, reducing both the vulnerability backlog and the risk exposure.

Understand the financial benefits of using automation to respond to vulnerabilities with ServiceNow’s Value Calculator.