Vulnerability managers and IT asset and remediation managers have a common enemy: exploitable and vulnerable systems. With the latest releases, a reimagined user experience and new integrations will help your teams collaborate to reduce and harden your attack surface across your estate, including the cloud.

New workspaces for IT and vulnerability managers
As part of the modern user experiences being rolled out across the ServiceNow platform, ServiceNow has unveiled two new workspaces designed specifically to facilitate workflows across organizational lines:

In the Vulnerability Manager workspace users:

• Monitor the high-profile vulnerabilities that security teams in your organization care about the most with Watch Topics
• Create Remediation Efforts from these Watch Topics to focus IT teams on priority vulnerability resolution.
• Populate remediation tasks with IT-centric information to facilitate IT response
• Auto-assign to the groups authorized to manage the vulnerable items

The new IT Remediation Manager workspace highlights the vulnerability information in the context of other details to help the administrators get to work. They can easily identify the highest risk items and take appropriate action including responding back to the vulnerability manager about false positives or to request an exception. This integrated model helps both teams meet their goals to comply with SLAs and policies while quickly handling evolving and critical software vulnerabilities.

Tenable.io Integration for Configuration Compliance
You may already use Tenable to keep your CMDB up to date through the Vulnerability Response “Tenable for Assets” integration. However, it can be challenging to seamlessly migrate the data necessary for timely prioritization.

Now, after a Tenable scan is run, configuration test failures can be imported to ServiceNow for prioritization using ServiceNow Configuration Compliance. This enhancement means you can ingest critical configuration data from Tenable.io into the CMDB to inform risk ratings and vulnerability prioritization. Once Tenable.io data is in ServiceNow, the standard Configuration Compliance process is followed. With this integration you can:

• View configuration tests, test results, policies, and authoritative sources
• Prioritize test failures using the risk score calculator
• Integrate with ITSM change management for remediation

Application Penetration Test Requests in VR
Worried about how well you might hold up to an attack on the apps you manage or develop? Vulnerability response updates permit app owners to request a pen test, and then upload and manage test results in Vulnerability Response.

Wiz support for cloud vulnerability management
For customers who leverage Wiz to scan their cloud infrastructure for security issues, we have great news! Now, you can integrate Wiz with ServiceNow Vulnerability Response and gain a more complete view of your overall attack surface. Wiz provides in-depth analysis to help you monitor and prioritize the mitigation of vulnerabilities in your cloud. Just import cloud vulnerability data from Wiz, then prioritize, assign, and monitor remediation efforts using Vulnerability Response.