ServiceNow reinvents security response

ServiceNow is extending its industry-leading automation and orchestration expertise to transform the way organizations respond to threats.  ServiceNow’s first offering, Security Operations, gives both security and IT teams a single platform to respond to security incidents and vulnerabilities.

  • 8 years ago Posted in
“ServiceNow is bridging the gap between IT operations and security by replacing manual, informal processes with a proven orchestration platform,” said Sean Convery, general manager of Security, ServiceNow. “Transforming security response is the next frontier for firms to fortify their security posture and increases the value of the detection and protection products they have already deployed.”
 
It takes enterprises an average of 206 days to spot a breach and an average of 69 days to contain it, according to the Ponemon Institute.
 
A research study from the Enterprise Strategy Group (ESG) issued today – based on input from more than 180 security executives – offers insights to the obstacles facing rapid and consistent security response. Highlights include:
 
·      The number 1 incident response challenge cited was coordinating between security and IT teams.
·      9 out of 10 respondents said that their incident response effectiveness and efficiency is limited by the burden of manual processes.
·      Nearly 75% of cybersecurity professionals said that incident response tends to be based upon informal processes at their organizations.
·      A third of organizations spend at least half of all incident response time on manual processes leading to inefficiencies and delays.
 
“Although organizations have invested heavily in identifying security vulnerabilities, they’ve neglected a critical step in remediation -- formalizing their teams’ incident response workflows.  This is especially the case when it comes to collaboration between cybersecurity and IT operations groups,” said Jon Oltsik, author of the report, ESG senior principal analyst and the founder of the firm’s cybersecurity service. “The ESG research clearly demonstrates how time-consuming, inefficient and ultimately damaging these process problems and bottlenecks can be.”
 
ServiceNow Security Operations includes two cloud-based applications: Security Incident Response and Vulnerability Response.  By extending ServiceNow’s industry-leading workflow and automation software to incident and vulnerability response, organizations can remove inefficient, manual processes – such as using emails, phone calls or spreadsheets. ServiceNow enables customers to define, structure and automate security response to compress the time to identify and contain threats and vulnerabilities. This can ultimately reduce an organization’s overall risk while improving analysts’ overall effectiveness.
 
Specifically, ServiceNow Security Operations addresses the security shortfall in these ways:
 
·      Provide a single platform for managing security incidents and vulnerabilities. The software extends the workflow, automation, orchestration and systems management capabilities of the core ServiceNow platform to security teams. The platform enables the team to manage the process of responding to and remediating incidents, and removes manual processes that slow security incident resolution times.
 
·      Prioritize security risks with business criticality. Customers can attach incidents and vulnerabilities to records within the ServiceNow configuration management database (CMDB). This pairs security data with insight into the virtual or physical asset at risk and the business service that asset supports. By doing this an IT team can see, for instance, that the server being attacked contains sensitive human resources data and should be prioritized accordingly.
 
·      Automate mundane, manual functions to free up IT and security teams to address critical issues. By leveraging ServiceWatch, IT operations management software from ServiceNow, teams can trigger automatic patching, configuration changes to security infrastructure, or other standard workflows to contain and fix security incidents and vulnerabilities. Automatic post-incident reports are created, crucial for auditing purposes. This eliminates the tedious manual process most organizations use today.
 
·      Gain greater visibility into current security issues by category, class and priority, and status of tasks.  Organizations get role-based dashboards, providing real-time trending data necessary to understand whether an organization is effective in securing their enterprise. It also includes an executive dashboard showing team productivity, existing gaps and overall security posture.
“By adding Security Operations from ServiceNow, organizations can formalize these response process to close the gap between security and IT,” said Dan Hushon, chief technology officer, CSC. CSC is combining our ServiceNow consulting capabilities, inclusive of our Fruition Partners subsidiary, with our market-leading cyber services to bring clients a new integrated operating model.”

Third-Party Integration
To increase the value of security products customers have already deployed, ServiceNow Security Operations integrates with leading third-party software applications, including security incident and event managers, and vulnerability identification solutions.  The software also integrates with the National Vulnerability Database, which is the U.S. government repository of standards-based vulnerability management data.  ServiceNow's application program interfaces (APIs) and the ServiceNow Store make it easy for security companies to integrate to Security Operations and join the ServiceNow Technology Partner Program.
Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...