
Implementing Agile Security Response [ServiceNow’s Essential Checklist]


There are a lot of benefits for companies increasing their use of technology: streamlined processes, increased efficiency, and easier tracking of data. That said, with this shift, it’s important to pay close attention to your security solution and protect yourself against external security threats. According to a 2018 report, the cost of breaches increased by 6.4% from 2017, demonstrating that the danger of these threats is in fact only getting bigger.

Unfortunately, external threats are getting more complex and sophisticated, and traditional approaches to security operations aren’t cutting it these days. To make things worse, these attacks not only endanger your data, but also your firm’s budget and business reputation. Customers care whether or not they can trust your enterprise with their private information and users are enabled now more than ever to post their reviews of companies online and share them with the world. In a consumer-driven world, these online reviews can make or break a business.

Instead of trying to tackle these breaches with old and inefficient solutions, ServiceNow works to coordinate manual processes, saving you time, money, and manpower.  

Ready to see how you measure up? Rate your organization’s ability to respond to security threats and vulnerabilities using this short checklist from ServiceNow. By answering these questions, you’ll be able to evaluate the right security operations solution that could one day support your entire enterprise.  

According to ServiceNow, these are the questions you should use to evaluate how the right security operations solution could support your enterprise.

Does your security operations solution: 

  • Rely on a single source of truth across security and IT?
  • Integrate with the configuration management database (CMDB)?
  • Prioritize all security incidents and vulnerabilities?
  • Automate basic security tasks?
  • Ensure your security runbook is followed?
  • Quickly identify authorized approvers and subject matter experts?
  • Respond faster with orchestration?
  • Collect detailed metrics to track performance, drive post-incident reviews, and enable process improvements?  

“In short, the right solution enables efficient response to incidents and vulnerabilities and connects security and IT teams. It also lets you clearly visualize your security posture. From the CISO and security team, it’s an integrated security orchestration, automation, and response platform that answers the questions, ‘Are we secure?’”

Comparing security response approaches: 

When a high-profile vulnerability arises, there are several ways an enterprise can react. Compare the response of an organization using a traditional, disjointed approach with one using an integrated response platform.

Traditional approach: 

Once a threat is uncovered, the security team scrambles to address it. The CISO hears about it and wants to know if the organization is affected. The team races to assess systems and determine who needs to approve any emergency patching. Many processes are manual, so analysts struggle to quickly gather the information required to provide the CISO with an accurate assessment of the impact. Manual coordination between teams can take days, leaving critical systems vulnerable and putting the business at risk of a data breach.

“An innovative security operations solution is essential for responding to the increasing number and sophistication of today’s threats and vulnerabilities. With complete visibility into disruptive issues, security and IT teams can easily coordinate with all stakeholders to investigate and remediate issues.” 

A new approach: 

In comparison, the organization using a security orchestration, automation, and response platform can immediately respond to the vulnerability. It quickly kicks off the following steps:

Assessment: First, scan data is automatically pulled into the security response system from a vulnerability management system. This is correlated with external sources such as the National Vulnerability Database and their internal asset database to prioritize vulnerabilities by both the potential risk of the vulnerability itself and the impact to the organization’s business services.

Notification: Then a pre-built workflow notifies the security team of a critical vulnerability impacting high-priority assets. Analysts can review information about the vulnerability and the items at risk in a single console.

Response: In parallel, a workflow starts the response process. The system automatically triggers requests to approve emergency patches for critical vulnerable items. Once the patches have been implemented, an additional scan verifies the fixes before the vulnerability can be marked closed.

Mitigation: Now that the critical items have been patched, security and IT can create a plan to address the remaining vulnerable items using a single response platform. Change requests are automatically routed to the right people within IT, eliminating the need to memorize the organizational structure. The common platform ensures they share information on a secure “need to know” basis.

Report: Now, the CISO is briefed, and the security operations solution automatically generates a post-incident review with accurate metrics. The CISO is happy, and the organization is secure.
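The assessment and response steps above, sketched as an added example (this is not ServiceNow code or its API): constructed scan findings are joined to severity scores and an asset inventory, ranked by severity times business criticality, and an item is closed only when a rescan no longer reports it. The data, the scoring formula, the threshold and all names are assumptions, and the CVE ids are placeholders.

```python
from dataclasses import dataclass

# Constructed sample data. CVE ids are placeholders, not real entries.
CVSS = {"CVE-0000-0001": 9.8, "CVE-0000-0002": 5.3}   # as if pulled from the NVD
ASSETS = {                                            # as if pulled from the CMDB
    "web-01": {"service": "online-store", "criticality": 5},
    "db-01": {"service": "online-store", "criticality": 5},
    "lab-07": {"service": "test-lab", "criticality": 1},
}
SCAN = [("web-01", "CVE-0000-0001"), ("lab-07", "CVE-0000-0001"),
        ("db-01", "CVE-0000-0002"), ("ghost-9", "CVE-0000-0001")]

@dataclass
class VulnerableItem:
    host: str
    cve: str
    service: str
    score: float          # CVSS base score * business criticality (assumed formula)
    state: str = "open"

def assess(scan, cvss=CVSS, assets=ASSETS):
    """Join findings to severity and asset data; return items ranked by score."""
    items, unknown = [], []
    for host, cve in scan:
        asset = assets.get(host)
        if asset is None or cve not in cvss:
            unknown.append((host, cve))   # no inventory or severity record: manual triage
            continue
        items.append(VulnerableItem(host, cve, asset["service"],
                                    cvss[cve] * asset["criticality"]))
    return sorted(items, key=lambda i: i.score, reverse=True), unknown

def needs_emergency_patch(item, threshold=40.0):
    """Assumed policy: high severity on a high-criticality asset."""
    return item.state == "open" and item.score >= threshold

def verify_and_close(item, rescan):
    """Close an item only if the follow-up scan no longer reports it."""
    if (item.host, item.cve) not in set(rescan):
        item.state = "closed"
    return item.state

if __name__ == "__main__":
    ranked, unknown = assess(SCAN)
    for it in ranked:
        print(it.host, it.cve, it.service, it.score, needs_emergency_patch(it))
    print("unmatched findings:", unknown)
```

The unmatched list matters as much as the ranking: a finding on a host missing from the asset database cannot be prioritized by business impact, which is the gap the CMDB integration item in the checklist addresses.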

If you’d like to keep reading, rest assured that this is just a sneak peek of ServiceNow’s available information on security operations. To learn more about the importance and challenges of security operations, download ServiceNow’s eBook, Implementing Agile Security Response. With its comprehensive, essential security operations solution checklist, you’ll be able to quickly assess your current approach and compare it to new security approaches.  
