BlogEnhance existing security workflows with high-fidelity cloud security data from Wiz in ServiceNow

Enhance existing security workflows with high-fidelity cloud security data from Wiz in ServiceNow

Add Wiz’s cloud and container security context to your organization's ServiceNow CMDB, vulnerability response, and IT service management solutions

4 minutes read

ServiceNow is an essential link for many IT, Configuration Management, Vulnerability Response, Compliance, and Infrastructure teams. ServiceNow customers leverage these modules as the  backbone of their IT operations. As they migrate to the cloud they face new challenges like keeping inventory updated with ephemeral workloads and ensuring prioritized security risks are presented with the cloud and container context necessary to fix critical issues. Wiz’s partnership with ServiceNow helps security teams achieve their desired cloud security outcomes using their existing workflows in ServiceNow. 

Benefits of bringing Wiz’s cloud security context to ServiceNow

To build a robust cloud security program, organizations must address several key challenges when adapting their existing ServiceNow workflows:

  • Inventory cloud resources accurately. Cloud workloads are dynamic and ephemeral, making it challenging to keep cloud inventory information about multi-cloud IaaS, PaaS, and serverless cloud resources updated. 

  • Triage cloud security issues in ITSM. To get high-fidelity, clear, and actionable cloud security alerts in ServiceNow ITSM Dev, SOC, or incident response teams have to manually stitch together security data and context from multiple cloud security tools to understand whether the issue is critical. 

  • Prioritize and fix critical cloud security vulnerabilities. Teams get help prioritizing which cloud and container vulnerabilities to fix from the thousands or millions the Vulnerability Management they see in ServiceNow Vulnerability Response and ServiceNow Container Vulnerability Response. 

  • Gain visibility into cloud misconfigurations. Every new cloud service introduces more misconfigurations and risks that cloud security teams must fix. Prioritizing efforts based on alignment to compliance frameworks that matter to your organization is challenging when triaging from a list of hundreds or thousands of misconfigurations. 

Operationalizing cloud security with existing ServiceNow solutions 

According to Gartner, by 2028, modernization efforts will culminate in 70% of workloads running in a cloud environment, up from 25% in 2023*. Maintaining ServiceNow as your go-to ITSM, CMDB, and Vulnerability Response solutions through this modernization can help infrastructure, IT, and security teams familiarize themselves with the cloud while maintaining similar workflows. To make this tactic effective, your teams must have the necessary cloud context to accomplish the organization's cloud security goals. 

Wiz integrates with ServiceNow modules through multiple certified applications on the ServiceNow store to help organizations operationalize cloud security: 

ServiceNow Vulnerability Response (VR) 

Vulnerabilities from Wiz get pulled into ServiceNow VR to populate detections and vulnerable cloud resources. Wiz’s enriched vulnerability fields (i.e., external exposure, vulnerability has a known exploit, etc.) help teams triage, prioritize, and fix the vulnerabilities that could have the largest business impact. 

ServiceNow Container Vulnerability Response (CVR)  

Most organizations leveraging the cloud also use containers. Wiz gives the same visibility into containers, Kubernetes, and PaaS services as it does for Virtual Machines, and scans for vulnerabilities across all these technologies. Vulnerabilities identified by Wiz across container images are pulled into ServiceNow CVR. Teams fixing container vulnerabilities will have context around the container image if it’s validated in run time with Wiz’s runtime sensor, so they can patch and resolve the vulnerability. 

ServiceNow Configuration Compliance (CC) 

Cloud security posture and compliance are key elements in ensuring that cloud resources are secure. Wiz scans for misconfigurations across cloud resources and maps how data and infrastructure in the cloud maps to common compliance frameworks and regulations. Wiz cloud configuration findings and Issues across cloud services and host configuration findings on VMs are pulled into ServiceNow CC module. Teams using the CC module to fix issues receive the full spectrum of toxic combination findings, CSPM-style checks, and host configuration checks mapped to their respective compliance frameworks. An organization with custom frameworks can utilize the integration’s robust filtering to prioritize those findings. 

ServiceNow Configuration Management Database (CMDB) 

Wiz inventory (i.e., VMs, Containers, and other resources) is pulled through a Service Graph Connector (SGC) to populate the ServiceNow CMDB configuration item tables. The Wiz SGC pulls newly created cloud resources every day, relying on Wiz’s agentless approach to keep your tables updated daily. Combined with the other Wiz integrations, the Wiz SGC helps with a better matching process and ties the findings to the primary configuration item. 

ServiceNow’s IT Service Management (ITSM) 

To ensure that the teams can work together to fix any Issue sent by Wiz, we integrate with ServiceNow’s ITSM solution. Issues proactively generate tickets with Wiz’s cloud context in your chosen table for teams to track progress and add evidence throughout the investigation and remediation process. 

Integrating Wiz with ServiceNow will transform our security workflows optimized for on-premise environments to the cloud. Our vulnerability management teams can prioritize and swiftly address critical security issues in key cloud resources by leveraging Wiz's accurate cloud inventory and vulnerability findings within ServiceNow. This partnership between Wiz and ServiceNow will enhance our vulnerability response capabilities and ensure our cloud resources remain accurate and compliant with evolving regulations.

Jason Thorn, Director of Security Operations & Incident Response, Rate

Start integrating Wiz with ServiceNow today 

Organizations can significantly enhance their cloud security posture by integrating Wiz with ServiceNow. This partnership empowers teams to swiftly address vulnerabilities and compliance issues, ensuring a robust security posture in the ever-evolving cloud environment.  

To learn more, join us for a webinar in August, Wiz & ServiceNow: Streamline Cloud Security Workflows, where we’ll give a demo and highlight how companies have benefited. 

*Source: Gartner, IT Infrastructure, Operations & Cloud Strategies Conference 2023 London, Laurence Goasduff, 20 November 2023.

Continue reading

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management