Intrusion detection system is used by ServiceNow
‎09-24-2018 05:52 AM
I am in the middle of a Cloud Security audit and they are asking me what specific intrusion detection system(s) is used by ServiceNow to protect our data.
Labels: Threat Intelligence
‎09-24-2018 07:05 AM
Never mind... reading is essential

‎07-06-2020 08:53 PM
Hi Kluces, Rachid, Ligardner,
We too have an audit requirement to submit IDS evidence for our ServiceNow instance. I do have access to the ServiceNow CORE portal but can't find any evidence there about it.
- IDS (Intrusion detection system) - Name of Product and Supporting Evidence Required
With the link shared in previous replies, I could see the language from the assessment as below, but nowhere can I find any evidence.
https://cloudsecurityalliance.org/star/registry/servicenow/
To access ServiceNow production network a VPN IPSEC tunnel is required via a 2-factor authorization. Also ServiceNow SIEM tools monitors network traffic through the VPN tunnel.
Internally, ServiceNow utilizes Splunk to centralize audit logs and to support the audit review process. As part of the purpose and design for this system, audit reviews occur daily for events that are considered lower risk. High risk issues, such as intrusion detection events trigger real-time alerts which are emailed to the Security Incident Response Team. ServiceNow has established a Scheduled Security Operations Checklist which includes procedures for performing daily reviews of Linux, Windows, Network Device, IDS, and identified issue logs.
Please refer to the following link for details on how to view and download various types of log files:
https://docs.servicenow.com/bundle/jakarta-platform-administration/page/administer/system-logs/concept/system-logs.html
ServiceNow has a dedicated Security Operations team. ServiceNow utilizes log collection tool to centralize audit logs and to support the audit review process. Access to these logs is restricted to security personnel with a need to know.
ServiceNow has established a Scheduled Security Operations Checklist that includes procedures for performing daily reviews of operating systems, Network Device, file integrity monitoring, privilege account usage, IDS, and identified issue logs.
ServiceNow does not deploy HIDS but does have dedicated IDS on the network.
ServiceNow leverages an enterprise grade IDS to monitor the datacenter environment at real-time. Sensors in our data centers detect malicious traffic (Denial of Service, vulnerability exploits, internet worms). The IDS solution is centrally managed to ensure consistent policies and signature updates.
For more details:
Please refer to the System Logs article here: https://docs.servicenow.com/bundle/madrid-platform-administration/page/administer/system-logs/concept/system-logs.html
Please let me know where I would be able to get the evidence for this.
Appreciate your help
Regards,
Imran