Welcome to the ServiceNow Security Operations Rome Release

Karl Klaessig
ServiceNow Employee
ServiceNow Employee
‎09-15-2021 07:32 PM

find_real_file.png

This exciting release includes cloud SIEM and threat intelligence integrations and expands our support of Application VR and tenable findings. In this release, we have focused on addressing three main concerns that continue to come up in our conversations with customers. First, their ability to gain insight into cloud-based threat intelligence and application vulnerabilities has been limited. Second, despite all the advances we’ve made in Security Incident Response, our customers’ security analysts are still struggling to keep up with all of the work, particularly when it comes to using multiple incident response solutions. And finally, our customers want a way to further automate processes and orchestrate responses so they can scale their teams and increase efficiencies.

For ServiceNow Security Incident Response (SIR):

  • Cloud-based SIEM Integration: Customers with a Microsoft security infrastructure want a centralized point of incident management, to create network-wide visibility, scalability, and confidence in responding to incidents. Now our Security Incident Response customers can Ingest events from Microsoft Azure Sentinel to gain the security data they need from these solutions to streamline and centralize incident response.

    This new integration delivers automated incident creation from from multiple Microsoft Security Technologies (Azure Sentinel , Defender ATP, Azure Security Center) with bidirectional communication, filtering, and event aggregation, with ServiceNow Security Incident Response. This creates the best of both worlds: ServiceNow’s system-wide visibility, workflow efficiencies, and scalability with all the visibility and rich insights from Microsoft solutions. 

  • Cloud security threat intelligence accelerates incident response:  Organizations are struggling to reduce risks from Cybersecurity event exposure; Meantime to detect and respond are two important KPI's to track to continuously improve security operations performance and protect the organization - they need to streamline incident response. The addition of Zscaler Threat intelligence to ServiceNow Security Incident Response workflows allows security and IT leaders to respond more quickly to emerging threats and gain better fidelity across incidents.  Additionally, ServiceNow can automate the addition of new malicious domains and URLs into Zscaler to immediately contain a threat. SIR integrates with zScaler Internet Access to drive incident response by triaging with threat intelligence context and blocking IOC's at the gateway.

For ServiceNow Vulnerability Response (VR):

  • Expanded support for Application Vulnerability Response: The sources of application vulnerabilities are growing and given the lack of a centralized view across applications and platforms...it makes it almost impossible for the application security manager to manage risks from vulnerabilities; particularly challenging given that the recent Verizon DataBreach Investigations Report indicated that almost half of all data breaches are a result of application vulnerabilities. Organizations need to prioritize and collaborate with the development organization to manage the risk from all types of application vulnerabilities. With that critical need in mind, we have continued to evolve support for managing the risk of all types of application vulnerabilities through additional integrations and capabilities. Application Vulnerability response now supports Veracode DAST/SAST, Fortify on Demand DAST/SAST, and Qualys WAS, to gain full visibility into vulnerability exposure.

  • VR integration with Microsoft Threat and Vulnerability Management: Customers are managing the infrastructure ecosystem with hybrid models of deployments and being monitored by hybrid assessment tools such as Tenable, Qualys, Rapid7 and Microsoft Threat and Vulnerability Management. Risk definitions and prioritization is different in different set of tools. It is hard for them to uniquely prioritize the vulnerabilities across different assessment tools. This Vulnerability Response capability integrates with  Microsoft Threat and Vulnerability Management to ingest asset, vulnerability, and recommendation information to prioritize the vulnerabilities and automatically assign and group the vulnerabilities using customer-defined rules to prioritize the vulnerabilities imported from Microsoft TVM. VR populates the recommendation details to provide additional guidance to the remediation team to patch the vulnerabilities within the required time. 

  • Orchestrate response to Tenable findings: This new integration with Tenable.sc and Tenable.io was developed by ServiceNow and validated by Tenable to meet complex customer requirements and best practices. The application provides our joint customers with a new option to establish and manage their security-IT workflows, helping to ensure they have the insights they need to execute on a risk-based approach to vulnerability management. 

To learn more, check out the Rome Release Notes, engage with the active Security Operations Community, or contact your sales team.

Join us for the Now Platform Rome event.

© 2021 ServiceNow Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated. 

..............................................................................................................................................................................

Join us for the The Now Platform Rome event.

Mark your calendar for the Now at Work, Now Platform Rome release broadcast  

Join us at Now at Work 2021 to learn more about what’s new in the Rome release. You won’t want to miss the Rome release highlights in a keynote session with Dave Wright, chief innovation officer as well as 20 sessions on demand, where we’ll highlight different ServiceNow® products, innovations, the Now Platform, and best practices for upgrading to the Rome release. Register today based on your region:

AMS: https://www.servicenow.com/ams/en/now-at-work.html

EMEA: https://www.servicenow.com/emea/en/now-at-work.html

AP: https://www.servicenow.com/apj/en/now-at-work.html

Japan: https://www.servicenow.com/apj/ja/now-at-work.html

 

................................................................................................................................................................................

 

Preview file
8 KB
Preview file
96 KB
  • 597 Views