ServiceNow reinvents security response

ServiceNow is extending its automation and orchestration expertise to transform the way organizations respond to threats. Security Operations gives both security and IT teams a single platform to respond to security incidents and vulnerabilities.


ServiceNow Security Operations includes two cloud-based applications: Security Incident Response and Vulnerability Response. By extending ServiceNow’s workflow and automation software to incident and vulnerability response, organizations can remove inefficient, manual processes – such as using emails, phone calls or spreadsheets. ServiceNow enables customers to define, structure and automate security response to compress the time to identify and contain threats and vulnerabilities.

ServiceNow Security Operations addresses the security shortfall

Provide a single platform for managing security incidents and vulnerabilities. The software extends the workflow, automation, orchestration and systems management capabilities of the core ServiceNow platform to security teams. The platform enables the team to manage the process of responding to and remediating incidents, and removes manual processes that slow security incident resolution times.

Prioritize security risks with business criticality. Customers can attach incidents and vulnerabilities to records within the ServiceNow configuration management database (CMDB). This pairs security data with insight into the virtual or physical asset at risk and the business service that asset supports. By doing this an IT team can see, for instance, that the server being attacked contains sensitive human resources data and should be prioritized accordingly.

Automate mundane, manual functions to free up IT and security teams to address critical issues. By leveraging ServiceWatch, IT operations management software from ServiceNow, teams can trigger automatic patching, configuration changes to security infrastructure, or other standard workflows to contain and fix security incidents and vulnerabilities. Automatic post-incident reports are created, crucial for auditing purposes. This eliminates the tedious manual process most organizations use today.

Gain greater visibility into current security issues by category, class and priority, and status of tasks. Organizations get role-based dashboards, providing real-time trending data necessary to understand whether an organization is effective in securing their enterprise. It also includes an executive dashboard showing team productivity, existing gaps and overall security posture.

To increase the value of security products customers have already deployed, ServiceNow Security Operations integrates with leading third-party software applications, including security incident and event managers, and vulnerability identification solutions.

RSA Conference 2016

Don't miss