Security operations are critical across both IT and OT environments. ServiceNow supports this through capabilities in vulnerability response (VR) and security incident response (SIR), offering enhanced visibility, scalable workflows, and seamless integration with third-party security tools.
A global pharmaceutical company—already a long-time ServiceNow customer—brought in a new CISO who sought to integrate ServiceNow into its SecOps strategy. To achieve this, the company partnered with CoreX on a multi-phase initiative aimed at improving collaboration between the security and IT teams, while streamlining the processes for managing vulnerabilities and security incidents.
This case study covers two consecutive projects: vulnerability response (VR) and security incident response (SIR).
To kick off the project, CoreX introduced its VRx program, a prescriptive implementation package for ServiceNow designed to streamline vulnerability detection, classification, and remediation.
The organization’s key challenges included spreadsheet-based workflows, inconsistent team coordination, and slow resolution timelines. Their goals: improve vulnerability tracking through dashboards, enhance performance monitoring, and scale response efforts efficiently.
With VRx, CoreX delivered a structured deployment that integrated with the company’s existing security tools and workflows. Key benefits included:
The first stage of the project involved the CoreX team working with the pharma company through the implementation and taking notes on anything the company wanted deployed beyond the core package. CoreX’s goal was to get the pharma company up and running as quickly as possible with VR in ServiceNow.
After the initial implementation, CoreX moved into a second phase to support additional reporting, process replication, and configuration beyond the core VRx package. The result was a significantly faster vulnerability remediation cycle and improved operational alignment.
The SIR implementation followed the VRx rollout, focused on prioritizing security incidents and reducing detection and resolution time. As with VRx, the SIR solution required integrating third-party security tools into ServiceNow.
One major challenge involved integrating the company’s security management tool, which initially flooded the system with duplicate or low-priority violations. CoreX collaborated directly with the tool vendor to engineer a solution: grouping multiple violations into a single incident, which was then ingested by ServiceNow as one comprehensive security ticket.
Another challenge was managing phishing incidents. The pharma company used a separate email security tool, and CoreX successfully integrated it into ServiceNow to automatically generate and track phishing-related tickets.
The SIR engagement is ongoing, with continued refinements to automation, response workflows, and integration. Key results include:
The main outcome of these results was improved visibility and scalability for the pharma company’s SecOp teams.
For example, when managing security violations, the integration between the third-party tool and ServiceNow meant that closing a ticket in ServiceNow also closed that ticket in the tool, and comments made on incidents in ServiceNow flow back to the tool. Working a single incident ticket in ServiceNow meant closing anywhere from 100 to possibly 1,000 violations rolled up into one third-party tool security incident.
The improved visibility came from a single pane of glass dashboard for leadership that could provide insights for both the security team and company leadership. It included elements like how many security incidents were closed in the past month, how quickly the team responded to incidents, and how often tickets were reassigned between teams.
For the pharma company, the VR and SIR collaboration with CoreX and integration of ServiceNow into its SecOps led to dramatically increased efficiency. The engagement between the company and CoreX continues today with plans to integrate additional third-party tools into ServiceNow and explore ways to further improve efficiency and ramp up automation.
After seeing what ServiceNow accomplished for SecOps via the VRx and SIR projects, the pharma company is looking toward OT vulnerability response and threat assessment on security incidents. It had already made a big investment in ServiceNow, and bringing the platform into SecOps gives it a more central role in managing overall operations.