Tripwire IP360 and ServiceNow

Learn How Our Integration Can Help Your Vulnerability Response

Tripwire® IP360™ is an enterprise-class vulnerability and risk management solution that enables cost-effective reduction of cyber threat risk by focusing your remediation efforts on the highest risks and most critical assets. The solution is built upon a scalable architecture that delivers risk-based vulnerability assessment with speed, reliability and accuracy, along with the industry’s most comprehensive vulnerability scoring and endpoint intelligence integration for quick response to new advanced threats. Tripwire® IP360™ identifies vulnerabilities and scores them with an unbounded mathematical equation based on how long the vulnerability has existed, how egregious the exposure is, and what skill set is required to exploit the exposure. Thus, an old vulnerability that grants remote privileged access to an automated exploit will potentially score over 100,000 on the scale, while a new vulnerability with no elevation of privilege and no known exploit will score quite low.

The Vulnerability Response application enables granular manipulation of vulnerability data to leverage automated workflows and reporting for faster vulnerability response. Analysts can use the ServiceNow console to drill down into vulnerability data to better guide remediation processes. Tripwire IP360 data is correlated with the ServiceNow CMDB to prioritize critical vulnerabilities that affect key business services. The data is matched to an asset’s CI record in the ServiceNow CMDB, and the discovered host’s information is stored in the Vulnerability Response application as a Vulnerable Item. The automated workflows enable quick response, even creating automated patch requests for the most critical cases.

Scan results are imported into ServiceNow via a MID Server on a defined interval. Vulnerability Response managers may filter out the lower-scoring vulnerabilities to focus only on the most critical ones, or can import every scan result for every asset to get a complete picture of the risks and exposures in the environment. Once the Tripwire data has been imported, GRC risk analysts can view and report on the vulnerabilities that are associated with a Critical Business Service. This data becomes a part of the asset’s CI record in the ServiceNow CMDB through the Vulnerability Response application. The vulnerability risk score of an asset is calculated based on the Tripwire IP360 score combined with internal business criticality. Security operations administrators can then set priority and assignment based on the fields Tripwire provides, and analysts can respond by creating IT Incidents, Changes or Security Incidents within ServiceNow.

Real-time dashboards let you monitor your organization’s risk exposure and potential impact to business services.

The Tripwire IP360 integration with ServiceNow Security Operations runs at a periodic or defined interval, querying Tripwire IP360 for the latest and most severe vulnerabilities to populate vulnerable items against CIs in the ServiceNow CMDB. ServiceNow can then process the information according to our expert advice or your own tailored security or business logic.

Fig. 1 Tripwire IP360 and ServiceNow data acquisition architecture

Tripwire IP360 Highlights

  • Scalable & Flexible: Modular architecture that scales to your largest deployments
  • Meaningful Scoring: Prioritization based on the needs of your organization
  • Enhanced Productivity: Minimize manual effort through integration with your existing tools and processes
  • Full Network Visibility: Discover and profile all assets on your network

 

About ServiceNow

ServiceNow (NYSE: NOW) is the fastest-growing enterprise cloud software company in the world above $1 billion. Founded in 2004 with the goal of making work easier for people, ServiceNow is making the world of work, work better for people. Our cloud-based platform and solutions deliver digital workflows that create great experiences and unlock productivity to approximately 5,400 enterprise customers worldwide, including almost 75% of the Fortune 500. For more information, visit servicenow.com.

 

About Tripwire

Tripwire discovers every asset on an organization’s network and delivers high-fidelity visibility and deep intelligence about those endpoints. When combined with business context, this valuable information enables immediate detection of breach activity and identifies other changes that can impact security risk.

Tripwire solutions also deliver actionable reports and alerts, and enable the integration of valuable endpoint intelligence into operational systems, such as change management databases, ticketing systems, patch management and security solutions including SIEMs, malware detection and risk and analytics. These integrations are part of our Technology Alliance Program, and they ensure our customers have robust, accurate information to make their organizations more cybersecure.