Understanding ServiceNow Security Operations

Vulnerability Management (VM) is defined as the “cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating” software vulnerabilities. It is a practice which, when effectively implemented, can protect the products and services of your organization. In a 2019 study conducted by IBM, it was found that as many as 77% of organizations do not have a consistently applied cyber Security Incident Response (SIR) program, the kind of program that fosters collaboration between IT teams and stakeholders from multiple areas of the organization. ServiceNow® Security Operations (SecOps) helps you achieve this through intelligent automation that assists in prioritization by asset criticality.

Kirk Hogan, Chief Innovation Officer at Iceberg Networks, answers top questions about cyber risk and security operations.

CISOs and security leaders are most challenged with prioritizing time, focus and budget on the right things. As noted by Kirk Hogan, Chief Innovation Officer at Iceberg Networks, when trying to deliver a good level of return on investment (ROI), it is important to establish priorities with set outcomes, then focus on those priorities until you deliver on them.

ServiceNow® Security Operations brings incident data from your security tools into a structured response engine that uses intelligent workflows, automation, and a deep connection with IT to prioritize and resolve threats based on the impact they pose to your organization. You will know where to assign resources to deliver the most value to your organization. It offers security orchestration, automation and response (SOAR) built on the Now Platform. By tapping into your existing security tools through APIs or direct integrations, it can automatically create prioritized security incidents. The power of the platform shines through with features like Predictive Intelligence, which, for example, can assist in rapidly identifying suspected phishing emails.

This decade has seen a sharp increase in organizations utilizing remote teams, cloud-based operations and software-oriented infrastructure solutions. This leads to a greatly expanded attack surface, and we’ve already seen that up to 60% of organizations have faced a security breach for which a patch was available but had not been applied. With ServiceNow® Security Operations, intelligent workflows help map security incidents to business services and IT infrastructure. This leads to better prioritization of incident queues and vulnerabilities based on business impact. In the end, you’re looking to protect the products and services that your organization has to offer, and it’s these powerful tools that foster a smooth collaboration between your IT team and non-tech stakeholders alike.

The utility of ServiceNow® Security Operations does not end at quickly and efficiently remediating a security incident. A security knowledge base (KB) is created out of the incident’s full lifecycle. Everything from analysis and investigation to containment and remediation is tracked in the platform. As noted by Winston Churchill, “Those that fail to learn from history, are doomed to repeat it.” This security knowledge base automatically associates incidents with relevant KB articles, so that future incidents can be addressed even more quickly.

ServiceNow® Security Operations is not simply focused on incident response. A comprehensive view of all vulnerabilities, notably, the current state of vulnerabilities affecting your organization, is also of paramount importance. Using a calculated risk score, the Vulnerability Response workflow provides continuous monitoring by exchanging data collected from observables and workflows with ServiceNow® Governance, Risk and Compliance (GRC). When a critical vulnerability is found, the workflow kicks in and notifies all stakeholders and creates a high-priority patch request for your IT team. It provides recommendations on the most impactful remediation steps and offers a real-time status of patching progress. Reports and dashboards powered by intelligent predictive analysis algorithms can even forecast future performance.

As the power of the ServiceNow® Security Operations engine demonstrates, security operations is not solely the domain of the IT department. It encourages the growth of your SIR program by connecting all stakeholders. It helps the IT team communicate the value of these workflows to non-technical stakeholders by prioritizing security incident alerts based on what is most critical to your organization. Priorities are always changing, and it takes a platform like ServiceNow to ensure your organization stays ahead of incidents and vulnerabilities that can dramatically impact your bottom line. To find out how you can make ServiceNow® Security Operations a part of your infrastructure, contact Iceberg Networks today.
