Contact Us

Global Construction and Engineering Firm Accelerates Vulnerability Response

As a leading global provider of civil engineering, technical, professional, and construction services, this company is trusted with a wide range of sensitive data. To effectively protect this data and strengthen its security posture, the organisation wanted to streamline its security tools to identify and respond to critical vulnerabilities faster.



To achieve this, the civil engineering firm engaged Thirdera to implement ServiceNow Vulnerability Response and integrate ServiceNow with Rapid7 InsightVM for vulnerability data and CMDB enrichment. Thirdera automated the vulnerability process and used data from Rapid7 to enhance the reliability and accuracy of CMDB. 

As a result, the company gained real-time visibility into all of its vulnerabilities and was able to quickly prioritise potential threats. IT benefitted from a faster and more efficient way to remediate risks while eliminating manual spreadsheets that resulted in time sinks and backlogs. With Thirdera and ServiceNow, the civil engineering firm improved its ability to respond rapidly to vulnerabilities, strengthening its cyber defense capabilities and ensuring an enterprise approach to cybersecurity.


Company Profile

Size: 55,000 employees  |  Industry: Civil Engineering & Technology  |  Location: United States


Key Challenges

scrum master icon

As the company grew, it outgrew its manual vulnerability process and needed enterprise-grade solutions to support threat remediation and vulnerability prioritisation.

e book knowledge article data icon thirdera pink

Manual documentation methods like spreadsheets were used to aggregate and distribute 19 million discussed vulnerabilities, leading to an unmanageable amount of data.

time fast clock icon thirdera pink

It was complex and time-consuming for 12 remediation teams spread across many countries to manage 90,000 devices with 19 million known vulnerabilities.

magnifying glass code icon thirdera

The company received more scrutiny on its alignment to best practices, including ISO and NIST standards, underscoring the immediate need to optimise vulnerability program performance.

The civil engineering firm regularly deals with sensitive and confidential information while working on high-profile projects across the private and public sector. This means the firm must ensure it has advanced security tools in place to protect sensitive data and its IT infrastructure from cyber attacks and breaches. As the company gained more of an international presence, it also needed to maintain compliance with global cybersecurity guidelines and regulations.

The organisation needed to accelerate its vulnerability response rate, but manual processes slowed IT’s ability to respond to threats and determine responsibility across global teams. As the organisation grew, there was also increasing scrutiny to align with ISO and NIST standards, further prompting the need to optimise vulnerability program performance. Since the company’s use of Rapid7 in conjunction with manual spreadsheets was insufficient to address the optimisation required, the company turned to Thirdera and ServiceNow.


Our Solution

Thirdera helped the civil engineering firm implement ServiceNow Vulnerability Response to improve the organisation's vulnerability management process. Thirdera integrated Rapid7 InsightVM with ServiceNow to help the company’s remediation teams leverage vulnerability and endpoint analytics within the ServiceNow tool they already used. These solutions enable the organisation to quickly assess potential exposures and reduce the attack surface with enhanced collaboration and automation.

To enhance collaboration and risk visibility, Thirdera set up persona-based dashboards for the company’s chief information security officer, relevant approvers, and remediation tasks specific to assigned groups. The dashboards enabled team members to quickly pinpoint areas of concern, prioritise remediation efforts, and monitor remediation progress.

The Result

With ServiceNow’s advanced security tools, the civil engineering firm has significantly strengthened its security posture and its ability to meet clients’ growing risk management needs.


The company now responds to potential vulnerabilities faster than ever. Scalable, intelligent workflows help the team automatically prioritise vulnerabilities in real time.

Dashboards created by Thirdera give each remediation team critical threat information, when and where they need it. Remediation specialists can prioritise and respond to threats with complete visibility into the company’s IT assets.

The company no longer worries about the future risks associated with geographic expansion or outgrowing its security technology. ServiceNow’s scalable architecture can adapt quickly to the company’s evolving security needs.

The company improved vulnerability management by implementing and integrating ServiceNow Vulnerability Response and Rapid7. It reduced 19 million vulnerable items (VIs) across 90,000 devices to 6.8 million VIs grouped into 2,000 automatically prioritised and assigned remediation tasks. Rapid7 data improved CMDB fidelity and provided informative business context during vulnerability analysis.

The organisation has significantly accelerated its vulnerability response because remediation teams can quickly hone in on actionable, prioritised tasks. Helpful dashboards and efficient workflows enable teams to leverage and optimise their existing tools, harden their attack surface, and eliminate time-consuming manual spreadsheets. With the combined power of ServiceNow and Thirdera, the organisation now has the insights and tools it needs to respond to vulnerabilities and empower teams with accurate, risk-based prioritisation.


About Thirdera

The largest pure-play ServiceNow partner in North America, Thirdera is a trusted Elite ServiceNow partner focused solely on improving and innovating the way our customers leverage the ServiceNow platform. Our experts possess authoritative capabilities and skillsets spanning the entire Now Platform. This extensive platform expertise allows us to understand our customers’ needs and deliver tailored solutions that solve business challenges.

Contact us today to discuss your next project, and enter a new era of ServiceNow partner experience.

Get in touch


Tommy LaMonte

Tommy is part of Thirdera's ServiceNow Security and Risk practice with over 9 years of experience on the ServiceNow platform. He has guided customers through a variety of ServiceNow implementations and improvements across ITSM, SecOps, IRM and more, from identifying areas to get the most value out of implementations to architecting best practice solutions.