ServiceNow
Administrator

What is Security Operations?
Security Operations is a ServiceNow offering that helps security organizations deliver efficient security response, streamline remediation and visualize their security posture. It extends the workflow and systems management capabilities of the core ServiceNow platform to security teams, giving an organization a single platform for responding to security incidents and vulnerabilities. The solution includes applications for Security Incident Response and Vulnerability Response that together help organizations reduce their overall security risk.

Why does Security Operations matter?
Despite owning numerous security products, organizations continue to be breached. Furthermore, security teams don't have an effective way to answer the question "Are we secure and are things getting better or worse?" Siloed security products and manual, informal processes cause incidents and vulnerabilities to be missed, putting organizations at risk or, worse, leaving them breached.


What exactly is the Security Incident Response Application and what is its value?
This application significantly compresses the time to identify, contain and respond to incidents. The Security Incident Response application simplifies identification of critical incidents and easily highlights infrastructure dependencies and related services. It includes a response workflow that follows the National Institute of Standards and Technology (NIST) best practices for security incident handling and can be customized by the customer to match their own runbook for incident response. Response coordination and requests that require multiple dependent tasks executed by multiple teams can be automatically created and assigned based on the incident attributes to ensure adherence to the response action plan and keep everyone in the loop. This reduces manual errors or missed communication steps when responding to an incident, increasing productivity and effectiveness. And because it leverages the ServiceNow CMDB, incidents can be prioritized based on business impact, ensuring security teams are focused on what has the most impact to the business first. The application also tracks all of the activities in the incident response lifecycle, including an automated post-incident review for a final report on the incident. This report is perfect for auditors and eliminates the manual work in a post-mortem exercise where all of the parties will try to stitch the details of the specific incident back together.  

 

What exactly is the Vulnerability Response Application and what is its value?
The Vulnerability Response Application compresses the time to identify and respond to vulnerabilities. It helps security teams determine what systems and services are susceptible to a vulnerability. It also identifies dependencies across systems and quickly assesses the business impact, due to the integration with the ServiceNow CMDB. The solution provides a comprehensive view of all vulnerabilities affecting a given service or asset to help address a broader scope of open security issues. Response teams can enable specific types of vulnerabilities to trigger automatic patching or workflows, allowing security teams to spend more time on other, more important tasks.

 

What are the unique benefits of Security Operations?

 

Deliver Efficient Security Response  

  • Customers can correlate information on incidents and vulnerabilities to the ServiceNow CMDB to understand the business criticality of an issue. This allows an incident responder to work on the most important issues first.  
  • Our response workflow follows the National Institute of Standards and Technology (NIST) best practices for security incident handling and can be customized by the customer to match their own runbook for incident response. It also includes an automated post-incident review report, which eliminates the manual post-mortem report where different teams piece together their part of how they responded to the incident.
  • This significantly reduces the time to identify, contain and respond to an incident.

 

Streamline Remediation  

  • Customers can leverage IT Operations Management to enable specific types of security incidents and vulnerabilities to trigger automatic patching or workflows.  
  • Our automation and orchestration capabilities are already proven through the work we've done with other parts of the enterprise, like IT, HR, and others.
  • Automating basic jobs improves the bandwidth of the security analysts and response teams to respond more efficiently to attacks and incidents.

 

Visualize Security Posture  

  • Simple dashboards can show an executive and a security analyst the exact status of their overall security posture as well as drill down into a specific incident.  
  • CISOs and Security Operations staff now have a single place to understand "Are we secure?"
Version history
Last update:
‎12-11-2023 09:40 AM