Redefining threat intelligence and security incident response with Microsoft

Threat intelligence: two workers looking at a laptop screen in an office

I’m excited to announce a new integration between ServiceNow® AI Agents for security and Microsoft Security Copilot.

Uniting the AI capabilities of both platforms delivers enriched threat intelligence and contextual data within ServiceNow Security Incident Response (SIR). It also provides Microsoft security products with real-time visibility into remediation progress of security cases and critical infrastructure-centric Configuration Management Database (CMDB) insights for threat prioritization.

This is all made possible through ServiceNow Security Operations, specifically SIR Professional Plus and SIR Enterprise Plus, with Microsoft Security Copilot.

Optimizing insights, enhancing resolution

This integration optimizes incident insights within SIR and enhances Microsoft security products’ security incident resolution statuses and threat prioritization capabilities, driving continuous security posture and awareness.

"By integrating Microsoft Security Copilot, we are able to provide a more comprehensive and timely response to security incidents within ServiceNow SIR, enhancing our customers' security posture," explains Lou Fiorello, group vice president and general manager of security and risk products at ServiceNow.

Elevating the security ecosystem

Security teams benefit from faster, more accurate incident resolution, reinforcing our commitment to delivering cutting-edge, AI-driven solutions that elevate the entire security ecosystem. Let’s take a closer look at the mutual benefits:

Threat insights: The automated interaction between ServiceNow AI Agents for security and Microsoft Security Copilot harnesses Microsoft Defender Threat Intelligence to enrich each incident with real-time indicators of compromise, vulnerability data, and deeper threat context for accelerated prioritization and response.
User and device information: Integrating Microsoft Entra (for user identity) and Microsoft Intune (for device management), ServiceNow AI Agents for security help ensure incidents in SIR are up to date on user and device details, driving faster and more accurate remediation.
Incident awareness and progress: Microsoft Security Copilot receives updates from ServiceNow SIR via the ServiceNow plugin for Security Copilot on incident status, resolution steps, and progress, enabling analysts to maintain and centralize situational awareness within the Microsoft console.
CMDB context: By using ServiceNow CMDB through the ServiceNow plugin, Microsoft Security Copilot gains real-time visibility into asset relationships and configuration details. With this richer context, security teams can more effectively prioritize alerts using a risk-based approach, focusing resources on the most urgent threats first.

"The integration with ServiceNow CMDB provides Microsoft Security Copilot with critical context, allowing Microsoft Security Copilot agents to reason over service tickets, assets, and configurations stored in ServiceNow,” says Dilip Radhakrishnan, chief product officer for Microsoft Security Copilot at Microsoft.

“Through our strategic integration between ServiceNow and Microsoft, we are driving AI innovation and delivering enhanced capabilities for our customers in the security space."

At ServiceNow, we look forward to launching these capabilities later this year to empower our mutual customers.

Find out more about how ServiceNow helps organizations rapidly respond to evolving threats.