Solutions

  • Products
  • Use Cases
  • Industries
  • WHITE PAPER
  • HR and IT better together
  • Boost productivity and attract quality talent with great employee experiences.
  • EBOOK
  • 5 steps to transformation
  • A proactive, connected client experience is essential for financial services.

Platform

  • ANALYST REPORT
  • The value of digital workflows
  • Get apps to market in half the time at a third of cost with higher satisfaction.

Customers

  • SUCCESS NAVIGATOR
  • Your prescription for success
  • Accelerate outcomes with a step-by-step action plan of proven best practices.

Explore

  • VALUE CALCULATOR
  • Live up to your potential
  • Determine the untapped value across your entire business in just 60 seconds.

How ServiceNow uses Security Operations to Deliver 6X Faster Processing via Automation and Integration


At security conferences, technologies like artificial intelligence and machine learning are often in the spotlight. But for security operations teams, a very pragmatic topic is even hotter: integration. Because no security product or company can do everything, security environments often consist of dozens of disparate tools. These tools are typically focused on protection and detection, with security teams manually collecting alert data from the various sources. The challenge is to bring all the data from these tools together in one location where analysts can access information quickly and manage the appropriate response actions. ServiceNow® Security Operations was designed to do precisely that, and our own experience is a good example.

ServiceNow’s own security operations team has been using the Now Platform ® from the beginning but has enhanced it steadily over time. We started with incident management, then built custom security applications and workflows for tasks like event management and alerts. Once ServiceNow created an official Security Operations product, we immediately transitioned to it in order to improve efficiencies and enhance our capabilities around incident and vulnerability management.

An integral aspect of ServiceNow’s environment includes third-party security information and event management (SIEM), endpoint security and threat intelligence tools. All of these products are tightly integrated into Security Operations, which has allowed us to automate several manual processes. For example, when one of our security tools detects a threat, Security Operations immediately creates a security incident. For each type of security incident, Security Operations has a set of workflows that drives our response. Processes like analyzing a hash or IP address, which would normally require logging into multiple security tools to do research, are all automated. Thus, our analysts can quickly drive blocking or remediation from within Security Operations. These automations have allowed us to accelerate both investigation and resolution of threats. And we’ll continue to automate other processes, both large and small, as we see the value.

The benefits of using ServiceNow Security Operations have been significant:

  • 8,700 hours saved annually from Security Operations Center (SOC) automation
  • 6X faster alert and event processing via automation and third-party security product integration
  • 50% increase in number of incidents handled per staff through operational efficiencies
  • $420,000 savings in security operations staffing costs

We have also realized value in three strategic areas:

  • Increased velocity – Because Security Operations is integrated on the Now Platform, our analysts have instant access to IT configuration data in real time. This enables the security operations team to accelerate investigation and reduce the burden on the IT department. Having data in Security Operations rather than in spreadsheets or other tools enables analysts spend more time on other efforts, such as refining alerts and creating knowledge base articles.
  • Actionable insight – Analysts make faster, better-informed decisions by having a single, consolidated view of the environment and accurate, comprehensive data at their fingertips (see dashboard).

Automated reporting using ServiceNow® Performance Analytics for Security Operations helps us stay well informed, track progress over time to pinpoint areas for improvement, and demonstrate security compliance to audit teams.

  • User experience – Automating administrative tasks enables analysts to spend more time on value-added work. Having a central location where activities can be monitored and prioritized reduces fatigue and improves job satisfaction. Well-qualified alerts, usually with a knowledge base article attached, allow analysts to be productive quickly.

According to ServiceNow Chief Information Security Officer Yuval Cohen, “When our analysts investigate a security incident, they have all the data they need in one place. Our platform provides the relevant vulnerabilities and patching cycles, problems (PRBs) and remediation projects, CMDB data, threat intel and many other types of valuable data that now all tie together to give us a full picture.”

I look forward to sharing more Now on Now examples of how we’re “drinking our own champagne” and using the Now Platform to streamline and accelerate every corner of the enterprise.

Topics

Featured

  • Implementing agile IT service management on a cutting-edge platform
    10-16-2019 ServiceNow customer, Danske Bank, adopted a strategic approach in their service management team. As the largest bank in Denmark and a major retail bank in the Nordics region, they serve 3.5 million retail customers. They have seen tangible evidence of the positive impact of digital workflows and the seamless experiences.
  • Always Be Closing finance
    Service Delivery and Management
    Delivering great service to employees is the first step to improving employee experience
    10-14-2019 The primary audience for HR technology has shifted. It’s no longer HR. They are secondary. Employees are now the primary audience. And while the latest cloud HCM systems can help transform an organization’s HR operations, if you want to improve the employee experience, taking an employee-focused approach to service delivery is the best place to start.
  • At the Tech Lounge, the human touch makes all the difference
    10-11-2019 Director of IT Service Management Mirza Baig and his IT team created the walkup Tech Lounge- a space where employees get personalized attention on complex tech issues. As ServiceNow works on automating many common requests and providing easy to find, self-service options, the IT Support technicians have more time to focus on the tough cases.
  • Strategy
    Lessons from a Top CIO
    10-11-2019 How does a seasoned CIO lead a digital transformation? She makes friends. Great ideas aren’t enough for a CIO to succeed in leading a digital transformation, says Teri Takai, the former CIO of the U.S. Department of Defense, the states of California and Michigan, as well as Meridian Health Plan. In her 40+ year career, she has had to build consensus, prioritize projects that would advance the organization’s overall goals, communicate often, and practice a lot of patience. Read more tips from Takai on WorkflowQuarterly.com, as well as other CIOs, or watch the embedded video.

Trends & Research

How to please customers at scale
Why employee service delivery matters
How to identify your company’s secret influencers

Year