Wrangu has delivered a custom application to allow a service provider to offer vulnerability management as a service to its UK customer base. This initial deployment will be used by the client to test the market with one customer already signed up for the service. The application provides integration with Qualys cloud based Vulnerability scanner and provides the capability to leverage the power of the already deployed ServiceNow® Configuration Management database with reconciliation against the Qualys asset list to reduce risk.
Due to the complex requirements and bespoke process the client made the decision to build a custom application rather than extend and highly configure the out of the box ServiceNow® Vulnerability Management application and Qualys integration.
Wrangu provided the subject matter experts with vulnerability and remediation management content knowledge as well as ServiceNow implementation specialists with Security Operations deployment knowledge. Together with the client Wrangu designed and produced an initial prototype which was developed further to create a Minimum Viable Product sufficient for a phase 1 deployment.
To support this client initiative Wrangu provided on-site and off-site resources to run workshops gathering and documenting scope as per ServiceNow® StartNow methodology (now SIM). The client provided various security specialists to create a collaborative environment for innovation. Using the agile methodology this combined scrum team crafted a product backlog which in turn became stories in sprints. Wrangu worked with the client to design the application and integration layer. Careful consideration was given to the fact an out of the box application exists and may evolve to meet the clients’ needs. With this in mind the application was designed to align closely to the out of the box equivalent such to allow the customer a possible migration path to the out of the box solution at a later date.
As well as providing the architectural oversight, quality assurance and hands on development expertise Wrangu also supported the customer through various testing cycles and worked directly with Qualys subject matter experts on the design on the integration layer.
Contact Wrangu to see how we can help improve your Vulnerability Management process.