Tanium Security Operations for ServiceNow: An integration for vulnerability response and SecOps – Tanium Tech Talks #91

In this Tech Talks series, Ashley McGlone is joined by Tanium field CIO Saqib Khan to discuss the latest Tanium-ServiceNow integrations.

Tanium and ServiceNow have taken the inefficiencies out of vulnerability management and security operations. Check out the following videos to see how scanning, reporting, patching, and approving can be completely automated. Empower the security operations center with real-time visibility and control of endpoints.

Part 1: Tanium & ServiceNow integrations

Tanium and ServiceNow have collaborated to streamline vulnerability management, automating processes like scanning, reporting, patching, and approvals. This integration addresses various challenges in patch management and enhances real-time visibility into vulnerabilities, improving efficiency and reducing risks.

Key takeaways

Introduction to Tanium and ServiceNow integrations: Tanium and ServiceNow have automated the vulnerability management process, eliminating inefficiencies in scanning, reporting, patching, and approvals.

Challenges in patch management: Companies face challenges in patch management, such as maintaining system updates and addressing zero-day threats while meeting SLA expectations for automated patching.

Workflow automation: The integration automates workflows from detection to remediation, including change management, ensuring prioritized and approved patches are deployed at scale using Tanium.

Licensing requirements: To utilize this integration, organizations need to have specific licenses: ServiceNow’s Vulnerability Response and Patch Orchestration and Tanium’s Comply and Patch products.

Customer feedback: Customers have reported streamlined processes and improved focus on fixing vulnerabilities rather than managing workflows, resulting in better operational efficiency.

Monitoring and troubleshooting: Administrators can monitor integration runs and processes in ServiceNow to ensure data is correctly imported and processed, making adjustments as necessary for optimal performance.

Part 2: Vulnerability response and SecOps

In the second installment of this series, Saqib and Ashley delve deeper into the Tanium Security Operations for ServiceNow integration.

Key takeaways

Integration setup and data flow: The integration involves setting up connect jobs in Tanium to push data into ServiceNow, where the data is verified and processed as imported items. This data can either be new vulnerabilities or updates to existing ones in ServiceNow.

Configuration and data import: Configurations in Tanium, such as delta or full-load settings, determine the amount of data sent to ServiceNow. Imported items in ServiceNow reflect the data received, which is then matched with existing vulnerabilities using CVE numbers in the NVD table.

National Vulnerability Database (NVD) integration: ServiceNow integrates with the NVD to import CVE information, which is augmented by Tanium with additional data like affected platforms and products, enhancing the overall vulnerability information.

Viewing and utilizing data: Data from the NVD and Tanium can be viewed in ServiceNow’s dashboards, providing detailed information on vulnerabilities, affected platforms, and remediation workflows.

Endpoint vulnerability data: Two core integrations bring endpoint-centric vulnerability data into ServiceNow – the vulnerable-item integration for endpoint data and the CVE Augmentation integration for additional data points.

Dashboards and reporting: ServiceNow’s dashboards offer out-of-the-box reports to quickly view and manage vulnerabilities, including metrics like the most vulnerable CI and the most popular CVE in the environment.

Zero-day threat response: In the event of a zero-day threat, administrators can manually trigger scans and data updates from Tanium to ServiceNow, facilitating immediate security incident creation and response workflows.

Part 3: Change and patch management

In the final installment of this series, Saqib and Ashley cover the Patch Orchestration integration, which is the newest addition to Tanium Security Operations for ServiceNow.

Key takeaways

Patch Orchestration plugin: ServiceNow’s Patch Orchestration plugin works with Tanium to link vulnerabilities with relevant patches, simplifying the patch management process.

Unified data source: Tanium provides both patch and vulnerability information from the same agent on a machine, allowing easy identification and remediation of vulnerabilities.

Comprehensive patch management: ServiceNow integrates patch data from various repositories and provides a contextual view of applicability on endpoints, aiding in risk assessment and remediation planning.

Change control process: ServiceNow facilitates the change control process by grouping tasks by SLAs and affected platforms, allowing remediation managers to prioritize and execute patches efficiently.

Automated change requests: Tanium automates the creation of change requests in ServiceNow, populating details such as affected endpoints and justification, significantly reducing manual effort.

Approval and deployment: Once change requests are approved, patches are deployed through Tanium, which scans for applicability, downloads, and installs patches automatically.

Real-time status updates: Tanium provides real-time status updates and auto-closes vulnerabilities in ServiceNow, ensuring compliance and reducing the need for manual intervention.

Audit trail and compliance: The integration provides a comprehensive audit trail, helping organizations meet SLAs and pass audits by consolidating data and processes in a single interface.

Scalability and efficiency: The solution supports large-scale environments, allowing efficient patching across millions of machines and consolidating multi-tool processes into a simplified workflow.

Additional resources

Tanium & ServiceNow partnership spotlight page

Technical documentation

Ashley McGlone

Technology strategist, joined Tanium in 2017, host of Tanium Tech Talks, enjoys advocating for customers, getting in the weeds of tech, and retro licorice.