Kalyan8
ServiceNow Employee

TISC is GA now!! 

 

We are excited to announce that Threat Intelligence Security Center (TISC), ServiceNow's Threat Intelligence Platform, was released as GA on 9th May, 2024! Here's more about the product.

Problem Space

 

  • Data Overload and Noise: The sheer volume of threat data from various sources can be overwhelming. Sorting through millions of indicators daily to find relevant threats is time-consuming and error-prone. A 2023 Cyber Threat Intelligence Survey found that 45% of users struggle to identify relevant intelligence due to vast data amounts.
  • Integration and Interoperability Issues: Many TIPs struggle to integrate seamlessly with existing security tools and infrastructure, creating data silos and hindering holistic threat analysis. A 2023 MSSP Alert survey found that 19% of participants cite tool and integration challenges as a top concern in threat intelligence use.
  • Actionable Insights and Prioritization: Extracting actionable insights from raw threat data and prioritizing threats effectively can be difficult. Security teams may be unsure which threats pose the most significant risk. A 2023 Picus Security report revealed that 33% of organizations struggle to prioritize and act on relevant threat indicators due to skills gaps.
  • Lack of Context: Another significant issue is the lack of contextual information associated with threat data. Many TIPs provide raw indicators of compromise (IOCs) without context, making it challenging for analysts to understand the significance of a threat or its potential impact on their organization's security posture.
  • High False Positive Rates: TIPs frequently suffer from high false positive rates, where benign activities are incorrectly flagged as malicious. This issue not only wastes valuable analyst time but also erodes trust in the platform's efficacy. A study by McAfee found that the average enterprise deals with over 200,000 security events per day, 99% of which are false positives.

Our Solution

 

Threat Intelligence-driven SecOps/CyberFusion Centers from ServiceNow

 

Threat Intelligence Security Center not only addresses the requirements of Cyber Threat Intelligence (CTI) teams but also shares valuable insights with other teams, including Incident Response (IR), Vulnerability Response Management (VRM), and Cyber Fusion Centers (Fraud, Insider Threat, etc.).

 

The introduction of TISC represents a pivotal advancement in our efforts to streamline and consolidate security products. This shift moves us away from traditional point solutions and toward embracing comprehensive platform solutions.

 

Our integrated solution, encompassing SOAR (Security Orchestration, Automation, and Response), TIP (Threat Intelligence Platform), Case Management, and Crisis Response, represents a transformative advancement in the industry. By delivering these capabilities within a single package, we offer unparalleled value to our users. This comprehensive, all-in-one solution not only streamlines security operations but also establishes a new benchmark for efficiency and effectiveness in the field.

 

Key Differentiators

 

The key differentiators in TISC redefine the landscape of threat intelligence while providing the standard capabilities expected of a Threat Intelligence Platform. 

 

  • Fusion of Internal & External Intelligence: TISC seamlessly integrates external threat data with your internal information, offering a holistic view of the threat landscape. This fusion empowers your SOC with comprehensive insights to proactively mitigate threats.

 

  • Inbound Filtering Rules: TISC's Inbound Filtering Rules enable precise data curation, reducing noise and allowing your analysts to focus on actionable intelligence. This feature alleviates common pain points encountered with other solutions, enhancing operational efficiency.

 

  • Customizable Threat Score Calculator: Unlike traditional TIPs, TISC's Threat Score Calculator offers customizable weighted calculations tailored to your organization's unique risk profile. This flexibility ensures accurate threat assessments and enhances your SOC's adaptability.

  • Empowering Case Management Features: TISC's robust case management capabilities facilitate seamless collaboration across SOC teams, fostering efficient threat investigations and resolution. This feature promotes teamwork and ensures thorough threat analysis.

 

  • Threat Reporting: The threat reporting feature provides comprehensive, real-time insights into emerging cyber threats through detailed, customizable reports that include threat actor profiles, attack vectors, and indicators of compromise (IOCs) from various intelligence sources. It enables quick interpretation of complex threat data, highlights its relevance to specific environments, and ensures timely dissemination of critical information through easy distribution to relevant stakeholders.

 

  • Domain Separation: Domain separation empowers Managed Security Service Providers (MSSPs) to effectively administer and maintain the threat intelligence repository. This entails managing various elements such as threat sources, observables, indicators of compromise, and threat attack modes/methods, alongside case management across their client base. By implementing distinct customer workspaces for workflows, dashboards, and reports, MSSPs ensure the segregation of customer data, mitigating the risk of exposure to other clients. This approach not only reduces operational costs but also enhances the overall quality of service delivered.

 

TISC, built on the ServiceNow platform, can harness a multitude of core capabilities beyond its inherent features, leveraging the platform's expansive ecosystem for enhanced functionality. By tapping into ServiceNow's extensive marketplace of pre-built integrations and extensions, TISC can seamlessly integrate with third-party systems, expand its capabilities, and offer comprehensive solutions to meet diverse business needs. Moreover, by leveraging ServiceNow's continuous updates and advancements in areas such as AI, machine learning, and predictive analytics, TISC can stay at the forefront of innovation, delivering added value to users while remaining agile and adaptable in an ever-evolving digital landscape.

 

Key capabilities: 

 

  • Curated catalog of popular OSINT Threat feed sources.
  • Integration of premium feeds to enhance threat intelligence.
  • Capability to automatically identify and extract all observables from the uploaded files.
  • Data aggregation from diverse feeds, including STIX, MISP, JSON and more.
  • Enrichment capabilities, for the removal of false positives, confidence/scoring of indicators, validation of indicators, and the addition of contextual information.
  • Correlation rules for automatically establishing relationships between observables.
  • Customizable threat score calculator for nuanced threat assessment.
  • Integration of internal intelligence encompassing VR, SIR, Assets, Services, and CMDB.
  • User-specific dashboards tailored for Threat Intel personas.
  • Graphical visualization tools for comprehending Threat Intel data.
  • Dedicated Threat Intel Analyst Workspace for streamlined operations.
  • Threat hunting with case management and task functionalities.
  • Empowering users to associate MITRE ATT&CK information with case records.
  • Enable seamless integration with SIR and facilitate smooth data migration from Threat Intelligence within SIR to the Threat Intelligence Security Center.
  • Establish notification rules to trigger alerts based on threat intelligence.
  • Define data retention and cleanup policies.
  • Generate and share status reports and investigation summaries using Case reports' rich text editor experience and customizable report templates.
  • Domain separation support for MSSP use cases.
  • Integrate with security tools using TISC API.

Find more details about each feature in our product documentation.

 

Important Links:

Want to know more about the product?

If you are interested in having a 1:1 conversation and would like to see a demo of this product, you can reach out to your ServiceNow Account Executive or Sales Representative, or simply comment on this post.