While enterprises have invested heavily in protection and detection tools, security response is often left unaddressed. Determining whether an alert constitutes an actual threat can take hours. Security analysts use email, phone calls and spreadsheets to coordinate remediation with IT teams. These manual processes are error-prone and unwieldy, leading to lengthy breach containment times of 70 days on average, according to the Ponemon Institute.
ServiceNow Security Operations replaces the manual work patterns of the past with intelligent workflows of the future, and it has just added several new automation integrations from leading security vendors. In as little as 20 seconds, Security Operations automatically enriches each security incident with threat intelligence, including information from potentially affected endpoints. This allows security analysts to spend less time researching problems and to reach resolution faster. In addition, ServiceNow Security Operations eliminates the need for manual data collection by automatically generating a post-incident report for later analysis, reporting or audit.
“As an industry, we can't hire our way out of this problem,” said Sean Convery, general manager of Security, ServiceNow. “ServiceNow Security Operations makes the most of a company’s security talent. It automates busy work so analysts can concentrate on stopping cyberattacks rather than filling out forms.”
New Integrations with Leaders in Security
With the latest ServiceNow product release, Security Operations customers gain several built-in integrations, including:
- Palo Alto Networks: ServiceNow Security Operations can use threat intelligence data provided by the Palo Alto Networks Next-Generation Security Platform via its AutoFocus contextual threat intelligence and WildFire cloud-based threat analysis offerings to automatically enrich the context around a security incident. This provides valuable information for the security analyst in an automated manner and expedites response. If remediation requires a change to the Palo Alto Networks Next-Generation Firewall, the change can be orchestrated directly from within Security Operations, including routing permission to the firewall administrator to ensure he/she is aware of the change.
- Tanium: Further integration with Tanium Core Platform allows ServiceNow to enrich cases with running, live process data directly from an affected endpoint. This improves visibility into remote endpoints to quickly determine the severity and impact of an event.
- Several other SIEM and security incident source integrations are available in the latest release.
“By integrating with the Palo Alto Networks Next-Generation Security Platform, ServiceNow is able to leverage the wealth of our offerings for the benefit of our joint customers,” said Chad Kinzelberg, senior vice president of Business and Corporate Development, Palo Alto Networks. “The ability to automate what are typically manual processes accelerates response times and eliminates tedious efforts that so often hinder effective prevention of cyber breaches.”
“You can't be successful in security without knowing what's happening in every corner of your environment,” said Orion Hindawi, co-founder and chief executive officer, Tanium. “The integration of Tanium's Core Platform into ServiceNow's Security Operations will ensure customers get a full and complete picture of all their endpoints and be able to move quickly when an incident happens. We're thrilled to work with ServiceNow and our partners to help customers thrive in today's threat landscape.”