With the 2024 Q4 Store release, ServiceNow has a few exciting enhancements to our Security Operations suite, including brand new features in Now Assist for Security Operations.
Recommended Actions (included with Now Assist for Security Operations)
With just one click, analysts can automatically access Now Assist's Recommended Actions, which uses a combination of AI search, KB articles, and steps taken on previous incidents to recommend next steps. This significantly shortens the investigation phase and allows incidents to be resolved more quickly. Recommended Actions enables analysts to minimize manual labor, empowering them to dedicate their time and efforts to higher-priority tasks. This feature is available with Now Assist for Security Operations.
Post-Incident Analysis (included with Now Assist for Security Operations)
With Post-Incident Analysis, analysts can quickly generate a post-incident review to understand the root cause and impact assessment of any security incident and save time by focusing on higher-priority tasks instead of dissecting lengthy incident notes. This streamlined approach enhances efficiency and enables quicker decision-making in critical situations. This feature is available with Now Assist for Security Operations.
Interactive Investigation Canvas (included with Threat Intelligence Security Center)
This new real-time visualization tool enables cyber threat hunters and analysts to visualize the investigation, analysis, and correlation of threats and attacks. They can import applicable records and data from sources like MITRE ATT&CK to assess attack progression, identify coverage gaps, and evaluate potential impacts on the organization. By leveraging this tool, users can perform link analysis, pattern analysis, and correlate various data points, connecting relevant information and relationships between entities and objects to enhance their understanding of security incidents.
Mitigation Control Detection (included with Security Posture Control)
Mitigation Control Detection allows organizations to have better visibility of mitigation controls in their environment such as WAF protection and exploit protection from EDR tools. By defining policies to monitor advanced configuration settings of EDR tools, organizations can gain valuable insights that can be utilized in Vulnerability Response workflows for effective prioritization. This proactive approach not only enhances security monitoring but also ensures that critical vulnerabilities are addressed in a timely manner.
