• Products
  • Use Cases
  • Industries
  • 3 strategie per l'innovazione
  • Scopri come trasformare l'esperienza utente dei tuoi clienti con l'intelligenza artificiale.
  • 5 passaggi per la trasformazione
  • Un'esperienza cliente proattiva e connessa è essenziale per i financial services.


  • Gartner nomina ServiceNow come leader
  • Magic Quadrant 2018 per la categoria Enterprise High-Productivity Application PaaS.


  • Abbiamo bisogno di ambasciatori!
  • Utilizza i nostri strumenti e risorse per sostenere ServiceNow in maniera più efficace all'interno della tua organizzazione.

Scopri di Più

  • Knowledge 2019
  • Dal 5 al 9 maggio vieni a Las Vegas e porta il tuo modo di lavorare a un livello superiore.

Taming the security beast

Better visibility into your attack surface helps keep hackers at bay

By Jeffrey Davis

  • Most companies fail to manage routine security threats
  • Manual processes that make it hard to spot vulnerabilities are a big reason companies get breached
  • Automated platforms can reduce the time security staffers spend toggling between apps and systems

A 50‑year old company in the world’s oldest industry—agriculture—is an unlikely role model for best practices in 21st cybersecurity.

Yet in May 2017, with the WannaCry ransomware victimizing companies around the globe, Fonterra, the world’s largest dairy cooperative, decided it needed to better understand its true attack surface before it was too late. That led it to invest in a set of new tools that gave it real‑time visibility into threats across hundreds of sites and assets.

“We realized we didn’t have a common view of assets and how they linked to business services,” said Cynthia Patterson, Fonterra’s general manager, technology & services, during a keynote security presentation at Knowledge18, ServiceNow’s annual conference. The goal was simple: “Figure out what to patch and when,” she said.

Managing routine security threats is a fundamental task at which most companies fail. Just 37% of companies that were breached over the last two years perform basic vulnerability scanning, according to a recent ServiceNow survey conducted by the Ponemon Institute. And 57% of cyberattack victims report that their breaches could have been prevented by installing an available patch.

In other words, the majority of companies continually fail at basic security hygiene.

The reason: they’re distracted, said Sean Convery, VP and GM of ServiceNow’s security business unit, speaking at Knowledge18.

Tasks such as vulnerability scanning are “not as exciting an undertaking, not as fun to talk about compared to how you thwarted the bad guys,” he said. Yet they are often the projects that have the biggest impact on security.

Fonterra is New Zealand’s largest company, supporting 10,500 dairy farmers and their families and more than 20,000 employees worldwide. The company exports 95% of what it produces, and accounts for 30% of the global dairy trade, according to Patterson.

As the company has expanded in recent years, so have the risks. With IT assets spread across 300 sites in 140 markets, and with outside vendors handling key pieces, IT managers struggled to keep up with vulnerability scanning and patching.

Less than a year after adopting ServiceNow’s security platform, Patterson said Fonterra has reduced its overall attack surface and slashed response times by switching from manual tasks and spreadsheets to automation tools built into the platform.

The new system also helps Fonterra connect security risk to business operations in a more coherent way. “We can look at our assets, link them to services, and see the business impact,” Patterson said.

Cynthia Patterson, Fonterra’s general manager of technology services, addresses a crowd at Knowledge18

Reducing ‘swivel time’

One theme of Knowledge18 was how automating SecOps can free up analyst time and improve overall threat response.

One company talked about how it helped reduce the “swivel time” time analysts spent toggling between screens and systems, trying to identify and confirm security threats. Another described how, after it suffered a serious attack, more automation helped it recover and prevent future incidents.

“People are taking the things that are painful and frequent and trying to automate those tasks so they don’t occur as often,” Convery said. When companies use spreadsheets to track incidents, it makes it impossible for them to do meaningful reporting. Automating can help reduce response time by 45%, Convery said.

That’s critical at a time when there’s a shortage of security professionals to hire. And, Convery said, it beats having to buy an endless number of point solutions.

Jeffrey Davis, a founding editor of Business 2.0 magazine and former executive editor at CBS Interactive, writes frequently about technology and business.


Grazie per aver sottomesso la vostra richiesta. Un rappresentante ServiceNow vi contatterà entro 48 ore.

form close button


Vorrei essere informato su eventi futuri, prodotti e servizi di ServiceNow. Posso cancellarmi in qualsiasi momento.

  • Inviando il presente modulo, confermo di aver letto ed accettato l'Informativa sulla Privacy.