Cloud infrastructure presents new risks, new systems, and less
control for security teams that are already overwhelmed by security
alerts, manual processes and siloed security tools that complicate
decision-making and the hand-off of remediation to IT counterparts.
To help solve this challenge, ServiceNow, the digital workflow
company that creates great experiences and unlocks productivity, has
extended its security operations portfolio with the release today of
two integrations with AWS Security Hub. ServiceNow is aligned with
AWS’s strategy of providing security at-scale, and our vendor-agnostic
approach and ability to take action on a range of security data
sources is a unique value for our joint customers. With these
integrations, joint customers can aggregate cloud data within Security
Hub, then automatically kick-off the approved response or workflow in
ServiceNow Security Operations or IT Service Management (ITSM),
directly from Security Hub.
Streamlining cloud workloads through tight security and IT
Security Hub provides customers with a
single place that aggregates, organizes and prioritizes security
alerts from multiple AWS services. With this new partnership, AWS
customers can use the ServiceNow platform to coordinate security
incident and vulnerability response across hybrid cloud deployments
and workflows, leveraging the openness, scale, and automation of
Security Operations and ITSM with Security Hub.
For example, when an alert meets defined criteria in Security Hub, a
security incident or ticket is automatically created in Security
Operations or ITSM. In Security Operations, threat intelligence on
observables can enrich the security incidents, providing precious
contextual data to support triage and remediation. Predefined
playbooks can be assigned based on the incident category (e.g.
malware, Brute Force, DOS attack, etc.) to guide response actions.
Analysts can also manually forward events from the AWS Security Hub
console to drive response. In addition to pre-defined playbooks,
customers can use Flow Designer to create the custom
workflows required for their organizations’ postures, policies and processes.
The Power of the Now Platform when transitioning to AWS
To effectively manage and improve systems, customers need to know
exactly what assets are in their IT environment and have current,
accurate configuration data. The ServiceNow CMDB provides a single
system of record for IT. When paired with ServiceNow Service Mapping,
the CMDB becomes serviceaware—which enables applications to be
serviceaware as well.
Using built-in workflows, ServiceNow routes incidents to the correct
personnel or response tools to contain, mitigate or remediate threats.
Post-incident reporting, customizable dashboards and metrics help
teams improve processes going forward and provide a dynamic and
continuous view of the overall security profile. Importantly,
customers can leverage ServiceNow’s integration with AWS Security Hub
to help with their transition to AWS, as ServiceNow provides a single
platform solution to manage both on-premises and cloud-native workflows.
ServiceNow takes a customer centric approach to developing products
and services. As companies increasingly shift to the cloud
and digital business requires more complex IT infrastructures,
ServiceNow is here to help, regardless of where workloads reside.
For more information, visit ServiceNow’s Security Operations and ITSM Community blog posts.