ServiceNow Empowerment: Bridge the IT-SecOps Gap and Prioritize Incidents using your CMDB

Changing the SecOps Norm

Ask anyone working in Security Operations the average time it takes to detect a security incident and they’ll tell you it takes a long time. Like 6 months long. With the average company utilizing 75+ security tools, security engineers have to toggle back and forth between a plethora of different interfaces. It’s a lot of critical information to manage, yet most organizations are still using spreadsheets and email for incident tracking and discussion. This old-school approach makes it nearly impossible for companies to do anything above the baseline for SecOps, impeding companies from focusing on other important aspects of the department, like gathering metrics around the value and impact of the SecOps team.

Utilizing workflow and automation with IT to reduce manual efforts, ServiceNow’s Security Operations empowers organizations to quickly prioritize and resolve real threats. Bridging the IT-SecOps gap allows security incidents to be associated with your CMDB, thereby allowing you to automatically prioritize security incident responses to your financial systems over your demo servers. Once a vulnerability is discovered, a workflow can be triggered, which can then create and automatically assign a task such as “Apply HOTFIX-123” to your infrastructure engineer.

ServiceNow OOTB Tools

The SecOps module has a variety of valuable tools; with the Out of the Box (OOTB) Dashboard, companies are granted visibility into key stats like average time to identify, time to contain, and impact to critical business services. Your friendly, neighborhood SLAs are also here to help ensure incidents are resolved in a timely manner. SecOps’ Security Incident Calculators are a big step up too; they can be configured to decide incident priority based on affected service and incident category.

With its OOTB intuitive, extensible import tools, SecOps makes it easy to bring your existing runbooks into the SecOps KnowledgeBase. Security Incident templates can also be configured and utilized alongside service catalog items for users to easily submit malware & phishing incidents.

You can forget about swapping between those 75+ interfaces for your Security application as ServiceNow’s SecOps is compatible with all of the integrations you need to protect your business. The OOTB Splunk integration automatically enriches incidents with relevant information from your Splunk servers, while the Rapid7 integration synchronizes your asset and vulnerability information. The Palo Alto integration also works to keep your information safe by allowing connectivity to your firewall, WildFire, and AutoFocus integrations. With this triple-threat, you’ll be able to transform the way your company protects itself against cyber attacks.

Scan, Track, Prioritize, Resolve: The Life Cycle of Vulnerability Response

SecOps supports multiple integration points that can be used for threat detection and identification. Vulnerability Response allows vulnerability information to be brought over from NVD and other sources, triggering scans on all web server machines, UNIX machines, or machines matching any criteria of your choosing. Scan results are then tracked and issues are prioritized, allowing you to resolve the most important ones first, via workflows and automation. With everyone receiving notifications for the closure of security incidents, you can now skip the post-mortem meeting. Even better, the steps to resolve the incident are documented in the post-incident review, enabling quicker resolution to similar incidents in the future.

Trusted Security Circles allows you to share bidirectional, real-time threat intelligence information with the members of your company who need to see it most. A new ransomware hits? Shared threat patterns can automatically provide and execute a remediation solution.

Implementation for SecOps, like any other ServiceNow module, is best performed in phases. We recommend starting with Security Incident Response and Vulnerability Response. From there, it’s important to perform further configurations for those two basic implementations. The final phase should include configurations for Threat Intelligence, Performance Analytics, and Orchestration.

Information security is critical to the success of any company. While it can be difficult to implement, Security Operations is what keeps the wheels of a business turning. To avoid a catastrophe, it’s important to be proactive, rather than reactive, towards digital attacks. Are you looking to revamp the way your company protects itself and its information? Start by downloading our free ServiceNow Security Operations Whitepaper, and contact Acorio to speak with one of our experts today about what we can do to help ensure your company’s information is kept safe.

