The red team: ServiceNow's first line of defense
If you ask any ServiceNow employee about their role, they'll likely tell you their job and team are the best they’ve ever had. One small but mighty team proclaims this proudly: the red team, a group of professional hackers.
As vigilant guardians of the company, the six-person team is tasked with testing the security of our systems and identifying cyber risks, data vulnerabilities, and security threats. Their tireless efforts help ensure the safety of ServiceNow, our technology, and our customers.
“Our role at the company is pretty unique,” says Kevin L., director of the red team. “Our team has two vital goals. First, we identify and address risks and vulnerabilities before they can be exploited by anyone else. Second, we simulate real-world threats and attacks, allowing us to fine-tune our response procedures.”
Taking notes
The red team uses two apps it created in its quest for cybersecurity excellence: Pulsar and Attack Narrative, both developed on the Now Platform. Pulsar is the mechanism for reporting findings, and Attack Narrative is the documentation repository for red team intelligence. Both are examples of how we use our own products to solve daily business challenges.
“Pulsar was born out of the necessity to comprehensively document our security findings,” explains Mark B., principal security engineer.
“We needed a system that could capture all the essential evidence: screenshots, code snippets, reproduction instructions, and full risk assessments. Pulsar was not only necessary; it was also incredibly adaptable. We customized it to meet our evolving needs as we used it—a truly unique approach.”
Daily, the red team explores ways to compromise ServiceNow systems using any possible avenue, from gaining access through third-party websites like LinkedIn to sending phishing emails to trying to decipher passwords.
Attack Narrative serves as a storehouse for these activity logs, compiling documentation of any vulnerabilities identified. “Our findings often include step-by-step instructions on how an intrusion could occur,” notes Royce D., principal red team engineer.
The applications use custom role-based authentication so the red team can tailor campaigns to specific security objectives at ServiceNow.
Something special
“The red team and these apps are special because they not only solve problems, but they also ensure that we have a rich repository of data and information to share with the right stakeholders when needed,” says Cheng L., staff red team development engineer.
Cheng joined ServiceNow three years ago and took on the responsibility of maintaining and enhancing Pulsar. “One of the most interesting contributions I made was adding a CKEditor, capable of managing a wide range of use cases,” she says. “It was initially introduced to the platform, but I improved it after joining the team.”
“This business model around Pulsar is one of the most unique things I've encountered in my 20 years in the industry,” adds Erin P., senior staff red team development engineer. “It has the potential to address problems and serve as a valuable use case for our customers, explaining the importance of their findings.”
A not-so-secret celebration
The red team is indispensable at ServiceNow. “Our executives hope we never break in, but they’re never surprised when we do,” Royce says.
“We are one of the best teams in the industry. As we strive to become the defining enterprise software company of the 21st century, it should come as no surprise that ServiceNow employs professional hackers dedicated to continuously and rigorously safeguarding our company. The red team is not a hidden secret. It's something we proudly celebrate.”
ServiceNow is a fortress of innovation and security. Our red team makes sure of it—and represents the pinnacle of cybersecurity expertise.