
New ServiceNow cloud offerings designed to help security teams

ServiceNow, the enterprise cloud company, has released Security Operations, a single platform to help security and IT teams to respond to security incidents and vulnerabilities.

The offering includes two cloud-based applications: Security Incident Response and Vulnerability Response. These services enable customers to define, structure and automate security response to compress the time to identify and contain threats and vulnerabilities. This can ultimately reduce an organisation’s overall risk while improving analysts’ overall effectiveness, the company says.

“ServiceNow is bridging the gap between IT operations and security by replacing manual, informal processes with a proven orchestration platform,” says Sean Convery, ServiceNow Security general manager.

“Transforming security response is the next frontier for firms to fortify their security posture and increases the value of the detection and protection products they have already deployed,” he says. 

According to the Ponemon Institute, it takes enterprises an average of 206 days to spot a breach and an average of 69 days to contain it.

Furthermore, according to a research study from the Enterprise Strategy Group (ESG), based on input from more than 180 security executives, there are many obstacles to rapid and consistent security response. Findings include:

  • The number one incident response challenge cited was coordinating between security and IT teams.
  • 9 out of 10 respondents said that their incident response effectiveness and efficiency is limited by the burden of manual processes.
  • Nearly 75% of cybersecurity professionals said that incident response tends to be based upon informal processes at their organisations.
  • A third of organisations spend at least half of all incident response time on manual processes leading to inefficiencies and delays.

“Although organisations have invested heavily in identifying security vulnerabilities, they’ve neglected a critical step in remediation - formalising their teams’ incident response workflows. This is especially the case when it comes to collaboration between cybersecurity and IT operations groups,” says Jon Oltsik, ESG author of the report and senior principal analyst and the founder of the firm’s cybersecurity service.

“The ESG research clearly demonstrates how time-consuming, inefficient and ultimately damaging these process problems and bottlenecks can be,” he says.

Specifically, the ServiceNow Security Operations offering provides:

A single platform for managing security incidents and vulnerabilities. The software extends the workflow, automation, orchestration and systems management capabilities of the ServiceNow platform to security teams, according to the company. The platform enables the team to manage the process of responding to and remediating incidents, and removes manual processes that slow security incident resolution times.

Prioritisation of security risks with business criticality. Customers can attach incidents and vulnerabilities to records within the ServiceNow configuration management database (CMDB). This pairs security data with insight into the virtual or physical asset at risk and the business service that asset supports. By doing this, an IT team can see, for instance, that the server being attacked contains sensitive human resources data and should be prioritised accordingly.

Automation of manual functions to free up IT and security teams to address critical issues. By leveraging ServiceWatch, IT operations management software from ServiceNow, teams can trigger automatic patching, configuration changes to security infrastructure, or other standard workflows to contain and fix security incidents and vulnerabilities. Automatic post-incident reports are created, crucial for auditing purposes. This eliminates the tedious manual process most organisations use today.

Greater visibility into current security issues by category, class and priority, and status of tasks. Organisations get role-based dashboards, providing real-time trending data necessary to understand whether an organisation is effective in securing their enterprise. It also includes an executive dashboard showing team productivity, existing gaps and overall security posture.

Third-party integration

To increase the value of security products customers have already deployed, ServiceNow Security Operations integrates with third-party software applications, including security incident and event managers, and vulnerability identification solutions. The software also integrates with the National Vulnerability Database, which is the U.S. government repository of standards-based vulnerability management data.

ServiceNow Security Operations is available now and priced on a per device basis.
