Remediate Vulnerabilities with Integrated Aqua and ServiceNow Workflows
The move to cloud native changed the daily operations of security teams. This shift requires teams to monitor the risk embedded within cloud environments, which increases the noise level, and piles up thousands of security issues to handle. This new reality requires different measures to handle relevant incidents based on the risk they impose and how to prioritize the vulnerabilities based on their runtime implications.
Aqua answers these requirements by providing full visibility from code to cloud and back by announcing Aqua’s integration to ServiceNow’s Container Vulnerability Response (CVR) which address these challenges using Aqua’s Cloud Native Application Protection Platform (CNAPP).
This integration provides the automated ingestion, filtering, and grouping of Aqua’s vulnerability scan findings, that help security and application teams identify, prioritize, and triage vulnerability risk at scale for containerized applications using standardized, consistent workflows. Centralizing all cloud native issues to reduce the time to resolution and allow smaller security teams to address the risk of cloud environments at scale.
Aqua with ServiceNow CVR
The Aqua Cloud Native Application Protection Platform (CNAPP) provides security across the entire application lifecycle, from development to deployment and runtime. Having the visibility for all these processes allows Aqua to have compressive insights which are translated into context. Having such visibility from code to workload enables two main advantages:
Prioritization – based on data correlation, it is possible to evaluate the actual risk of an issue and understand if there are imminent risks or issues which can be handled later.
Reduced time to resolution - once an issue is declared imminent, it is simple to track its source in the code and the implications or runtime environment, allowing fast response.
The integration with ServiceNow expands Aqua’s CNAPP boundaries by adding the capabilities to monitor and handle vulnerabilities, cloud misconfigurations, and other issues in one place, allowing for tasks to be assigned to different teams in the organization using ServiceNow tools and to track their status and ensuring completion.
The integration between Aqua and ServiceNow also considered the emphasis on velocity in development. Enabling security teams to detect and remediate vulnerability risks using automated workflows to help applications triage more efficiently and close the loop, ensuring secure code is moved through the application pipeline.
How Does the Integration Work?
The Integration of Aqua’s vulnerability data is facilitated through a ServiceNow application that fetches data from the Aqua CNAPP Platform and loads information to the Vulnerability Response and Configuration Compliance for Containers application. The integration covers vulnerability data for image registry and CI/CD pipeline scans and running containers which can be filtered according to application scopes.
Aqua supports integrations with a broad range of image registries and integrates directly with CI/CD pipelines. Once connected to image registries, the scanner continuously and efficiently scans registries and functions for ongoing visibility into vulnerability and risk posture, applying updated threat intelligence to identify newly affected packages and applications.
The integration populates ServiceNow Container Vulnerability with output from:
Aqua Security Vulnerability: providing all the vulnerabilities which were found in the cloud native environment to be logged and handled in SNOW VR
Aqua Security response policies: allowing to manage of other issues then vulnerabilities such as cloud misconfigurations or supply chain issues using SNOW
By providing accurate insights on running workloads with a high-risk vulnerability, Aqua’s vulnerability data as well as the associated application context, empowers teams to focus and prioritize how to best remediate risk to the business.
Prioritization helps teams avoid being overwhelmed in zero-day scenarios, like Log4j, where they can be dealing with potentially tens of thousands of images that need to be triaged and need to focus on high severity finding such as which running images incorporate the vulnerability, and which applications the containers are associated with.
The ServiceNow Container Vulnerability Response reflects that containerized applications have become a mainstream approach for delivering business-critical applications – and that attacks targeting containers represent a real risk to these applications.
The integration of findings from Aqua’s platform with the ServiceNow’s Container Vulnerability Response will help cross-functional teams operate more efficiently and drive consistent processes for the detection and triage lifecycle. To help drive further efficiency gains, Aqua will invest in richer integration of vulnerability assessment logic to incorporate more information on which images with the same CVE are a lower priority to inform workflows.