SecOps Quick Start Guide

Welcome to the SecOps Quick Start Guide

If you're just starting your Security Operations (SecOps) journey, then you've come to the right place. This guide will help you understand what the SecOps products are, how they work in tandem with our Workspace UI, and it’s a great place to return to as our products evolve over time. For a quick overview, watch this video:

 

 

 

Overview

ServiceNow SecOps helps security teams scale faster, smarter, and more efficiently, enabling and automating critical collaboration of data and process between IT, security, and risk to effectively respond to and remediate threats. SecOps brings in security and vulnerability data from your existing tools and uses intelligent workflows, automation, and a deep connection with IT to streamline your security response. ServiceNow SecOps helps you use the power of the Now Platform® to reduce cybersecurity risk and drive cyber resilience. Below are the SecOps products that we’ll provide information on in this document:

• Security Incident Response (SIR)
• Vulnerability Response (VR)

Before You Get Started

Before you get started with your SecOps product consider the following:

 

Customizations

If you're upgrading from a previous release, you need to validate the level of customization you've made to your instance. We suggest performing normal upgrade and/or regression testing when activating your SecOps product in a sub-production instance. The following modifications may need to be remediated when activating your SecOps product, for more information refer to the product documentation:

• Customized user interface, for example hard-coded styles or UI Scripts.
• Adopted a classic workspace and want to adopt a new configurable workspace.
• Created custom components in classic workspace and want to adopt a new configurable workspace.

Feature Support

Check the product documentation for functionality that is not supported, and verify your instance is not using this functionality or there is a migration plan to replace unsupported functionality. Refer to the application page in the ServiceNow Store to ensure you have the required plugins and dependencies for the applications you are installing.

 

Workspace Status

If you are a current classic workspace user, consider how you will migrate to a configurable workspace either before or shortly after your SecOps product is activated. We encourage customers who are not using workspaces to begin exploring our configurable workspace solutions after upgrading to San Diego+. Refer to product documentation to learn more about the Security Incident Response (SIR) Workspace and the Vulnerability Response Workspaces.

 

Release Strategy

Consider how you will deploy your SecOps product to your production instance. It is highly recommended to activate your SecOps product in your sub-production environment and perform upgrade/regression testing to ensure your instance is operating as expected. Remediate any prior user interface customizations and activate your SecOps product with any remediations as part of your organization's normal release process to make the configuration changes in your production instance.

 

A few steps to know beforehand, no matter which product you’re using:

1. Our newest capabilities can be found on the Vancouver and Washington DC family releases. We focus on making sure our new SecOps additions are at least N-1 when we release them. If you need to upgrade, here’s some guidance on it: Upgrade Resources.
   
   
2. Familiarize yourself with the documentation for the product that you’re using, as it’ll provide the groundwork needed to get your organization up and running:
   Vulnerability Response Quick Start Guide
   Security Incident Response Quick Start Guide
   
   
3. New to SecOps? Consider training: SecOps Fundamentals On-Demand is a great starting point. For more, check out this article highlighting recommended training for SecOps.
   
   
4. To successfully roll out SecOps, you need your business to understand and use SecOps and recognize its benefits. To do this, you need to communicate what’s changing and why, and get alignment with your business. A great way to start this process is to hold a kickoff workshop. This community article takes the example of a Vulnerability Response workshop and explains who needs to be involved.

Steps to Quick Success with SIR

1: Explore the documentation listed below to get started.

2: Explore the SIR Demo to get a brief overview of how the product will work in your environment.

3: Consider your options for implementation. Do you want ServiceNow Experts to implement? Or perhaps one of our partners? Or even self-implementation. This article will give you a brief overview of your implementation options: Implementation Success.

4: Before you start to implement SecOps, it’s critical to have a clear vision of what you want to accomplish. SecOps allows you to deliver multiple positive business outcomes, and you can achieve all of this over time. Here’s a primer on how to achieve success: Define your SecOps Success.

5: For a comprehensive implementation process framework that is proven to scale to the largest, most complex global deployments, check out our Success Packs on Now Create. Success Packs tailor our core Now Create methodology, consisting of more than 700 leading practices, to deliver business outcomes aligned with specific product sets. Security Incident Response Accelerated Implementation will get you started from the ground up.

SIR Documentation: (product page) (datasheet) (product documentation) 

 

Steps to Quick Success with VR

1: Explore the documentation listed below to get started.

2: Explore the VR Demo to get a brief overview of how the product will work in your environment.

3: Consider your options for implementation. Do you want ServiceNow Experts to implement? Or perhaps one of our partners? Or even self-implementation. This article will give you a brief overview of your implementation options: Implementation Success.

4: Before you start to implement SecOps, it’s critical to have a clear vision of what you want to accomplish. SecOps allows you to deliver multiple positive business outcomes, and you can achieve all of this over time. Here’s a primer on how to achieve success: Define your SecOps Success.

5: For a comprehensive implementation process framework that is proven to scale to the largest, most complex global deployments, check out our Success Packs on Now Create. Success Packs tailor our core Now Create methodology, consisting of more than 700 leading practices, to deliver business outcomes aligned with specific product sets. Vulnerability Response Implementation Guide provides customers with guidance to deliver a VR deployment with vulnerability scans data ingestion, automation, increased productivity, and enhanced visibility into their enterprise.

VR Documentation: (product page) (datasheet) (product documentation)