How Well Do You (Really) Know Your Security Operations?

The question of the day: How well do you actually know your Security Operations platform?

Is it possible that you’re not capitalizing on all a platform like ServiceNow SecOps has to offer? If you’re like many companies, chances are you are not. We know that you know how imperative it is to get Security right, but without a full understanding of the options available to you, you might be falling short. We’ll start with a few numbers:

  • 73% of companies have no common view of assets across Security and IT.
  • It takes an average of 197 days for a company to identify a breach.
  • For a company that has no security automation in place, each breach costs an average of $4.43 million.

All of the companies that have achieved Security success have two key traits in common. They detect vulnerabilities quickly, and they patch those vulnerabilities rapidly. Seems pretty straightforward.

But what you may not realize is that hiring more internal employees, or contracting to an external Security firm, does not equal better security, faster detection or better patching. Instead of hiring based on the number of vulnerabilities, companies should look to improve their overall security posture by fixing the vulnerability detection and patching processes and technology.

To do that, you need to understand what you’re working with. From Security Incident Response to Configuration Compliance and Performance Analytics, there are actually more than 10 distinct parts to ServiceNow’s Security Operations product. Which is why we’re going to help you brush up – starting with a sample of product overviews below. Or, if you’re ready to dive in, download our full eBook for a complete analysis of the platform, five tips to getting SecOps right, and real-world stories from Acorio customers.

Prioritize with Context: Vulnerability Response

While Security Incident Response is the backbone of your incident workflows and actions, Vulnerability Response prioritizes your vulnerable assets and adds context to help determine if business-critical systems are at risk. By leveraging the CMDB, Vulnerability Response can easily identify dependencies across all of your systems and quickly assess the business impact of estimated changes or potential downtime.

With a comprehensive view of all vulnerabilities affecting a given service as well as the current state of all vulnerabilities affecting the organization, response teams can then leverage the workflow and automation tools to remediate vulnerabilities.

Did you know: 57% of patches fail because they are managed with spreadsheets and emails.

For example, when a critical vulnerability is found, a workflow can automatically initiate an emergency patch approval request, directly to the process owner. Once approved, orchestration tools can automatically apply the patch and trigger a secondary vulnerability scan to ensure the issue has been resolved. For non-urgent patches, you can simply click a button to create a change request and send the relevant information to IT or to your in-house Cyber Security team. A coordinated Vulnerability Response remediation strategy for vulnerabilities across services and assets ensures that the most critical items are addressed first.

Example of a New Threatcase Security Record

Hunt for Attacks: Threat Intelligence

Threat Intelligence is a tool to help your incident responders find Indicators of Compromise (IoC) and hunt for low-lying attacks and threats.

It automatically searches threat feeds for relevant information when an IoC is connected to a security incident and, if applicable, can send IoCs to third-party sources for additional analysis. The results are reported directly in the security incident record for the Analyst to review, saving valuable time.

It is worth noting that ServiceNow supports multiple threat feeds, as well as STIX and TAXII, to incorporate threat intelligence data from a variety of sources.

An Example of a SecOps PA Dashboard with Pre-Built OOB KPIs

Monitor in Real-Time: Performance Analytics

Similar to Performance Analytics capabilities across the rest of the ServiceNow platform, Performance Analytics for SecOps creates advanced, real-time dashboards and reports.

It includes over 60 built-in key performance indicators (KPIs) and out-of-the-box dashboards but also allows you to create additional custom KPIs to track the metrics that are most important to your organization.

Dashboards allow your Analysts to use historical data to find organizational bottlenecks, refine response processes, and identify potential tasks for automation.

Discover the Rest

Yes, there is more where that came from. Check out the full eBook for a complete overview of the platform (including integration options, configuration compliance, and the platform backbone – incident response). In the book, you’ll also find two real-world customer stories and five tips straight from our experts on getting SecOps right, the first time.
