IBM Guardium

Introduction :

In this blog, we will explore and gain more understanding about synchronization of data between IBM GDP and ServiceNow.

IBM Guardium Data Protection ServiceNow module integration with ServiceNow Vulnerability Response module will synchronize CMDB and VA data between ServiceNow and IBM Guardium providing centralized management of vulnerability data in ServiceNow.

ServiceNow modules, Vulnerability Response and Configuration Compliance, are closely related to the IBM Guardium Vulnerability Assessment (VA) application. IBM Guardium customers have requested a certified ServiceNow "plug-in" app, available via the ServiceNow Store, that will synchronize Guardium VA data with ServiceNow to facilitate centralized management and tracking of database and configuration vulnerabilities.

Vulnerability Response:

Prioritize vulnerability management with visibility into asset, risk, and threat intelligence. Workflow with IT for fast, efficient response. 

Configuration Compliance:

Identify, prioritize, and remediate vulnerable misconfigured software in deployment-stage applications using ServiceNow Configuration Compliance.

Business Usecases:

1. User can view Guardium vulnerability assessment results within ServiceNow Vulnerabilty Response and Configuration Compliance modules
2. User can adjust ServiceNow scheduled jobs (IBM Guardium Security > Integrations) to synchronize Guardium data with ServiceNow data and can run scheduled job on demand (Execute Now)
3. User can create a Test Exception, re-run Assessment Test, synchronize Test Result Details, and see an open Vulnerable Item (sn_vul_vulnerable_item) automatically closed due to the active Test Exception
4. User can run Assessment Test from ServiceNow UI to verify a fix for a failed Test Result
5. User can add a script in Database Export to modify the exported Database entry before being added to the Guardium Data Source export queue. For example, it may be desired to add credentials to the Guardium Data Source
6. User can adjust the appropriate CI Lookup Rule to match IBM Guardium data source entries to ServiceNow Configuration (cmdb_ci) Items

Installation Instructions:

• The IBM Guardium Data Protection central manager and managed units are typically installed behind a firewall.
• ServiceNow created the MID server application for outbound-only communication. You install the MID server inside the firewall, within the same data centre as your IBM Guardium central manager. This allows a ServiceNow app the ability to communicate with Guardium without punching an inbound hole in your firewall.
• Install and configure MID server to allow communication from ServiceNow to the Guardium Central Manager within your firewall.
  
  
  
  
  

• Follow below mentioned steps sequentially to configure ServiceNow IBM Guardium Integration:

1.     Create a user with MID server role

2.     Install MID server

3.     Install ServiceNow Vulnerability Response

4.     Install ServiceNow Vulnerability Response Integration with NVD

5.     Run ServiceNow Vulnerability Response Integration with NVD

6.     (Optional) Install ServiceNow Configuration Compliance

7.     Install IBM Guardium app from the ServiceNow store or from Update Set

8.     Install SSL certificate on your Guardium central manager, if necessary

9.     Trust the Guardium central manager SSL certificate

10.  Set ServiceNow system-wide timeout

Benefits of Vulnerability Response:

1. Reduce your attack surface : Give IT and vulnerability teams a collaborative workspace plus automation to remediate risks.
2. See potential exposure impact in real time : Continuously prioritize vulnerabilities using asset, severity, exploit, and threat intelligence.
3. Manage your security posture : Unify attack surface coverage data and identify the highest risk gaps. 
4. Prioritize and resolve cloud container vulnerabilities : Reduce the risk in dynamic cloud deployments, configuration issues, and container vulnerabilities.

Features of Vulnerability Response:

1. Application vulnerabilities : Assess dynamic and static testing results to track vulnerable items and coordinate remediation.
2. Vulnerability solutions management : View your organization’s most impactful remediation activities and monitor their completion.
3. Patch orchestration : Quickly identify, recommend, and schedule patches for critical vulnerabilities.
4. Security and IT workspace : Work strategically with IT teams to remediate vulnerabilities using collaborative workspaces.

Some Additional Features:

1. Exception management : Manage exceptions with scheduled deferments and automatic reactivation.
2. Third-party integrations : Integrate market-leading, vulnerability-scanning solutions. Enrich CMDB data to prioritize cases.
3. Configuration compliance : Find and fix misconfigured software. Prioritize and remediate cloud configuration issues.
4. Automated remediation : Expedite remediation tasks with assignment and group rules.
5.  Integrated performance analytics : Identify bottlenecks and areas for improvement. Consolidate scanning data to determine risk.
6. Cloud container security : Reduce risks from dynamic cloud deployments and container vulnerabilities.

Document refers the working functionality of Guardium and ServiceNow Integration :

GDP Integration with ServiceNow Demo.docx

Authors - Suchita, Ruchika Tiwari

w3 Profile - Suchita | Ruchika
IBM TechXchange Profile - Suchita