11-14-2023 01:42 PM - edited 11-14-2023 03:32 PM
In ServiceNow’s last Store Release of 2023, there are three noteworthy innovations added to the Security Operations offering: Vulnerability Crisis Management, Compensating Controls for Vulnerability Response, and many new Now-on-Now flow-based playbooks.
Updates to Vulnerability Response
Vulnerability Crisis Management
With ServiceNow’s Vulnerability Crisis Management, vulnerability managers can create and track critical vulnerability events in a dedicated, centralized workspace. From here, they can perform tasks including:
- creating vulnerability assessment records,
- recording key attributes of the vulnerability to calculate risk,
- performing assessments to identify the exposure level, and
- engaging with stakeholders for rapid response.
The November release adds on-demand risk reduction through Compensating Controls to ServiceNow Vulnerability Response. Organizations can enhance prioritization by leveraging available compensating controls, lower risk ratings via an approval workflow, and send risk reduction questionnaires if a vulnerability cannot be patched within the SLA. With this new feature, the approver can see the details behind the risk reduction reasoning and can implement compensating controls so that overall risk is not adversely affected.
Updates in Security Incident Response
In addition to the existing Security Incident Response playbooks (manual and automated phishing response, manual and automated malware response, and failed login), many new flow-based playbooks have been added to help Security Operations Centers respond more quickly to security incidents. These include:
- Playbook for Office 365 - Malicious File Detected: This playbook provides systematic remediation steps for investigating malicious files detected in Office 365.
- Playbook for Repeat Detection: This playbook determines whether incident response has already been performed on an identical or similar phishing report in the past and automatically handles the new report in the same way.
- Playbook for Spoofed Emails: This playbook provides systematic remediation steps to investigate spoofed-email alerts, which are triggered when emails with spoofed sender names are sent to the organization's employees.
- Playbook for Endpoint Detection: This playbook provides systematic remediation steps to investigate malware alerts triggered on a host or endpoint (for example, a malicious file detection).
- Playbook for Possible Password Spray: This playbook provides systematic remediation steps to investigate password spray alerts triggered by multiple failed logins (too many authentication failures from more than one IP address for the same user).
- Playbook for T1003 - Detect Credential Dumping Tools: This playbook helps with the early-stage triage of user-reported phishing submissions by alerting the analyst to the possibility of a look-alike domain in the phisher's email address.
- Playbook for Email Domain Spoofing Detection: This playbook helps with the early-stage triage of user-reported phishing submissions by alerting the analyst to the possibility of a look-alike domain in the phisher's email address.
- Playbook for Typo Squatted Domain: Typosquatted domains are intentionally misspelled domain names that closely resemble legitimate ones. Attackers take advantage of users' spelling errors to lead them to an ill-intended website for financial exploitation or other malicious activities.
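As an added illustration of the criterion the Possible Password Spray playbook describes (this is example code, not ServiceNow's own playbook logic), the following Python groups failed logins per user and flags users whose failures come from more than one source IP; the log format and sample lines are constructed for this example.

```python
from collections import defaultdict
import re

# Constructed sample authentication log lines (not real data). The
# "timestamp user result source_ip" layout is an assumption for this example.
SAMPLE_LOG = """\
2023-11-14T01:00:01Z alice FAIL 203.0.113.10
2023-11-14T01:00:05Z alice FAIL 198.51.100.7
2023-11-14T01:00:09Z alice FAIL 192.0.2.44
2023-11-14T01:00:12Z alice FAIL 203.0.113.11
2023-11-14T01:00:20Z bob FAIL 203.0.113.10
2023-11-14T01:00:25Z bob FAIL 203.0.113.10
2023-11-14T01:00:30Z bob FAIL 203.0.113.10
2023-11-14T01:00:31Z bob FAIL 203.0.113.10
2023-11-14T01:00:40Z carol OK 203.0.113.12
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (FAIL|OK) (\S+)$")


def parse_auth_log(text):
    """Yield (user, result, ip) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _ts, user, result, ip = m.groups()
            yield user, result, ip


def detect_password_spray(text, min_failures=3, min_sources=2):
    """Return {user: sorted source IPs} for users with at least min_failures
    failed logins originating from at least min_sources distinct IPs.
    A burst from a single IP (bob) is left to the plain failed-login playbook."""
    failures = defaultdict(list)
    for user, result, ip in parse_auth_log(text):
        if result == "FAIL":
            failures[user].append(ip)
    flagged = {}
    for user, ips in failures.items():
        sources = sorted(set(ips))
        if len(ips) >= min_failures and len(sources) >= min_sources:
            flagged[user] = sources
    return flagged


if __name__ == "__main__":
    for user, ips in detect_password_spray(SAMPLE_LOG).items():
        print(f"possible password spray against {user} from {ips}")
```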
Flow Designer to Process Automation Designer (PAD) Playbook Conversion Tool
In addition to the many new flow-based playbooks, we are pleased to announce that the Flow Designer to PAD Playbook conversion tool is now available in the Vancouver release. This tool will automatically transition Flow Designer playbooks to PAD.