Now Assist for Security Operations is Generally Available!

Miranda Ju
ServiceNow Employee
ServiceNow Employee

on ‎08-06-2024 02:03 PM - edited on ‎10-17-2024 07:09 AM by Administrator

We're excited to announce that our Generative AI product, Now Assist for Security Operations (SecOps), is now live on the ServiceNow Store! In our August release, we are thrilled to introduce three key features designed to enhance your experience:

  1. Security Incident Summarization 
  2. Resolution Notes Generation
  3. Interactive Q&A in the Now Assist Panel 

These new capabilities are aimed at boosting analyst productivity and reducing the mean time to contain incidents, making your SOC team more efficient and effective. 

 

Screenshot 2024-08-06 at 1.23.00 PM.png

1. Security Incident Summarization 

 

  • Security analysts often face challenges in quickly understanding complex security incidents due to the overwhelming volume of data, including work notes and comments, and a lack of contextual clarity.  
  • Traditionally, analysts have had to navigate through various fields in the incident table, switch between related lists, and sift through lengthy work notes. Now, with the security incident summarization skill powered by Now Assist, analysts can simply click the 'Summary' button to receive a concise and easily digestible summary of the incident.

 

MirandaJu_1-1722975847927.png

 

The incident summary includes four key sections: 

 

  • Issue: A brief snapshot summarizing what happened in the incident. 
  • Details: This section provides a concise overview of when, what, and how the incident occurred, offering analysts a quick grasp of the context without sifting through extensive data. 
  • Observations: It captures crucial information from related records, such as the affected users, observables, and configuration items (CIs). This helps analysts understand the incident's impact at-a-glance. 
  • Key Actions Taken: This section summarizes the work notes and response tasks, providing a clear record of the actions that have been taken to address the incident. 

 

With the summary, analysts can share it directly to the work notes and have the option to edit any content before posting it.

MirandaJu_3-1722975944531.png

Worth noting, we offer flexibility for the admin role on the customer side to configure which fields should be summarized and displayed. For example, if an analyst needs to view the sighting search results, the admin can easily configure that to be included in the summary.

 

MirandaJu_2-1722975915830.png

 

2. Resolution notes generation 

 

  • When an analyst changes the incident state from review to close, comprehensive close notes are required. Now Assist automatically generates detailed resolution notes based on the actions taken during the incident response. Analysts can review and modify these notes to ensure accuracy before finalizing them. This automation streamlines the incident closure process, allowing for quicker documentation, reducing administrative overhead, and freeing up analysts to focus on more critical tasks.

 

MirandaJu_4-1722976049108.png

 

3. Speed-Up Investigations via Natural Language Queries in Now Assist Panel 

 

  • Analysts can utilize natural language queries within the Now Assist Panel to quickly ask security incidents questions, generate resolution notes, or summarize records, all in a conversational manner. It represents the first step towards a freeform chat experience, where analysts can ask questions related to security incidents and relevant contexts using natural language. For the August release, this capability will be limited to providing information for a specific security incident. However, future enhancements will include integration with a Knowledge Graph, enabling the capture of more contextual information and relationships among multiple incidents and data fields. (Some sample questions you can ask see the screenshots below.)

 

MirandaJu_5-1722976095589.pngMirandaJu_7-1722976116802.png

 

This is just the beginning of our journey to transform SecOps and bridge the skills gap in cybersecurity. With our Generative AI capabilities, we're not just saving analysts minutes on each incident; we're multiplying those savings across countless incidents and SOC teams. This efficiency can save companies thousands of hours, translating into significant cost savings—potentially upwards of $400,000. Using the Now Assist value calculator for ITSM as reference, below is a potential cost saving for a customer who handles 500 security incidents in the SOC per week (or ~2,000 security incidents per month). 

 

MirandaJu_8-1722976191539.png

 

For more information about Now Assist for Security Operations, please reference the Supporting Links and Docs on the ServiceNow Store. 

 

We stand at the dawn of a new era, where we can proudly say that ServiceNow is shaping the SOC of the future. Join us as we redefine what's possible in security operations! 

 

  • 8,136 Views
Version history
Last update:
‎10-17-2024 07:09 AM
Updated by:
Administrator