Use case: Monitor for critical vulnerabilities and understand the business impact

With legacy solutions, it's an ongoing challenge to manage security vulnerabilities and risk across multiple departments and functions. Someone on the security team may be able to spot a vulnerability due to a missing application patch, but it takes an integrated risk platform to tell you that the vulnerability affects your point-of-sale (POS) system and has the potential to cost millions in lost revenue. An integrated risk management program can help you gauge the associated risk, understand how it compares to all other risks, and track it through to resolution. You can also easily communicate the risk status and potential business impact to upper management.

Imagine a security manager tracking 50 identified vulnerabilities. They might not notice that one patch isn't installed correctly. Maybe a machine is offline when the patch is pushed out, or perhaps the patch depends on other updates to fully address the vulnerability. Whatever the reason, vulnerabilities like these linger unless you have an integrated risk program to identify and enforce the needed security.

Working through ServiceNow Vulnerability Response, ServiceNow IRM collects data from a variety of vulnerability scanners. It identifies outstanding vulnerabilities and prioritizes each one based on severity, the availability of exploits, relative risk (based on a customizable score), and the potential impact on services (based on asset and business insights). Issues are automatically routed for immediate resolution to the correct vulnerability manager, who can choose a prescribed remediation path for a given vulnerability using Vulnerability Solutions Management. Dashboards provide real-time updates to the risk manager and business stakeholders. And decision-makers can easily quantify and manage the overall risk posture of the enterprise.
A risk manager at work

As a risk manager, I'm responsible for monitoring threats on a minute-by-minute basis. I can see on my ServiceNow Risk dashboard that a new critical risk has appeared. Drilling into the alert reveals that the POS system has an unpatched vulnerability and reveals insights into its exploitability. The issue can affect overall system availability and make us vulnerable to fraud or data theft. Without ServiceNow, I would waste time figuring out who should address the issue.

Figure 2: Risk is calculated based on the business impact.
