CI Matching for Vulnerability Response - How to get it right.

The matching of your CMDB's Configuration Items (CIs) to the list of hosts and vulnerabilities brought in by your scanner is key to the success of your Vulnerability Response (VR) implementation. Learn how this works and how to do it right in 20 minutes. In this second episode of the 2020 VR series, Andy Ojha, Principal Security Consultant with the Professional Services organization at ServiceNow shares his knowledge and advice so you can be successful. Ensuring that the early steps of CI Matching are executed as needed will ensure an optimum use of the CMDB and guarantee time savings and effectiveness down the line. Getting it wrong will create unnecessary challenges. This tutorial follows the earlier episode of the VR series: "The importance of your CMDB for Vulnerability Response." https://community.servicenow.com/comm... ----------------------------- Video contents 00:01 Introductions. 01:20 The VR maturity model. 01:37 The VR tutorials series. 02:08 The VR forum. 02:28 CI Matching = Scanner + VR application + CMDB. 02:55 CI Matching: how it works. CI Lookup Rule, Discovered Items, Vulnerable Items, Third Party Entries library. 05:56 An example. 04:55 CI Matching is an iterative process, the first run is critical. Matched Discovered Item, Unmatched Discovered Item, Unmatched CI. 06:05 Flavors of Matched Discovered Items: Complete (success), Incomplete (needs more work), Incorrect (needs more work). Unmatched Discovered Items. 07:39 "Walk-up" for low level CIs with no context.Parent. 08:37 Vulnerable Items. 09:00 Lessons learned in the field. Best prevention: get the CMDB and the CMDB team ready. 11:40 Success with VR is about cross-functional leadership, change management and coordination. 12:18 What YOU (Security team) should do: training and community, start small and iterate. 12:30 How to interact with the CMDB team: engage early, understand the CMDB, make sure they understand your VR strategy, ensure they are ready to handle unmatched CIs. 14:31 How to interact with your Partner/Consultant. Iterative approach is key, track results, tune the Lookup Rules, ServiceNow Discovery. 16:51 Involve the remediation teams, the end users of the VR implementation. 17:15 Keep the executives apprised. 17:52 Beyond CI Matching, there is more. Scanners, Vulnerabilities, Exploit Enrichment, Remediation Target Rules, Risk based approach with Scoring, Grouping, Assignment. Watch the upcoming episodes. 19:00 What you should be doing RIGHT NOW: Engage with your partner and your CMDB team, review the other VR tutorials, engage in the VR forum, sign up for training. 19:48 Conclusion and reminders. For all your questions and to download the PDF version of the slides, please go to the VR forum: https://community.servicenow.com/comm...