ServiceNow brings security automation to the cloud with AWS

Cloud infrastructure presents new risks, new systems, and less control for security teams that are already overwhelmed by security alerts, manual processes and siloed security tools that complicate decision-making and the hand-off of remediation to IT counterparts.  

To help solve this challenge, ServiceNow, the digital workflow company that creates great experiences and unlocks productivity, has extended its security operations portfolio with the release today of two integrations with AWS Security Hub. ServiceNow is aligned with AWS’s strategy of providing security at-scale, and our vendor-agnostic approach and ability to take action on a range of security data sources is a unique value for our joint customers. With these integrations, joint customers can aggregate cloud data within Security Hub, then automatically kick-off the approved response or workflow in ServiceNow Security Operations or IT Service Management (ITSM), directly from Security Hub.  

Streamlining cloud workloads through tight security and IT integration 
Security Hub provides customers with a single place that aggregates, organizes and prioritizes security alerts from multiple AWS services.  With this new partnership, AWS customers can use the ServiceNow platform to coordinate security incident and vulnerability response across hybrid cloud deployments and workflows, leveraging the openness, scale, and automation of Security Operations and ITSM with Security Hub. 

For example, when an alert meets defined criteria in Security Hub, a security incident or ticket is automatically created in Security Operations or ITSM. In Security Operations, threat intelligence on observables can enrich the security incidents, providing precious contextual data to support triage and remediation. Predefined playbooks can be assigned based on the incident category (e.g. malware, Brute Force, DOS attack, etc.) to guide response actions. Analysts can also manually forward events from the AWS Security Hub console to drive response. In addition to pre-defined playbooks, customers can use Flow Designer to create the custom workflows required for their organizations’ postures, policies and processes.  

The Power of the Now Platform when transitioning to AWS 
To effectively manage and improve systems, customers need to know exactly what assets are in their IT environment and have current, accurate configuration data. The ServiceNow CMDB provides a single system of record for IT. When paired with ServiceNow Service Mapping, the CMDB becomes serviceaware—which enables applications to be serviceaware as well.  

Using built-in workflows, ServiceNow routes incidents to the correct personnel or response tools to contain, mitigate or remediate threats. Post-incident reporting, customizable dashboards and metrics help teams improve processes going forward and provide a dynamic and continuous view of the overall security profile. Importantly, customers can leverage ServiceNow’s integration with AWS Security Hub to help with their transition to AWS, as ServiceNow provides a single platform solution to manage both on-premises and cloud-native workflows. 

ServiceNow takes a customer centric approach to developing products and services. As companies increasingly shift to the cloud and digital business requires more complex IT infrastructures, ServiceNow is here to help, regardless of where workloads reside. 

For more information, visit ServiceNow’s Security Operations and ITSM Community blog posts.