Updated: Feb 1, 2021
In this week’s Share the Wealth video, Andrew Carlson of Pharicode gives an overview and demonstration of Security Operation (SecOps) in ServiceNow.
Security Operations Overview
Most organizations start off with a collection of tools including Threat Intelligence Platform, EDR, SIEM, and Vulnerability Management Platform. The value of ServiceNow SecOps is that it not only allows the data between the sources the enterprise already has to be integrated, but also allows the user to leverage the data and processes already existing in their ServiceNow instance for the purpose of remediating vulnerability or handling security incidents. They rely heavily on existing CMDB data because every incident at its core has a CI; the user must know where the incident occurred or where vulnerability lies. The three modules of SecOps — Threat Intelligence, Security Incident Response, and Vulnerability Response — have integrations with one another.
What is SecOps?
Security Incident Response
Security Incident Response (SIR) tracks the progress of security instances and is standards-based (NIST/SANS). Integration includes SIEM, Endpoint Security, and Phishing Email. It also integrates with ITIL tack. There are predefined workflows for handling certain types of instances. Severity, Criticality, and Risk Score can be calculated. SIR Knowledge Base includes runbooks. SIR also provides a service catalog using CMDB data.
Vulnerability Response
Vulnerability Response can organize, track, and resolve vulnerabilities. Severity and Risk scores can be calculated. Integrations include Vulnerability, NVD - CVE, and MITRE - CWE. There are predefined workflows. Vulnerability Response uses CMDB data.
Threat Intelligence
Threat Intelligence organizes and correlates threat data from threat sources. Integrations include STIX/TAXII. This can populate observables from SIR and cross-reference IoC.
Interested in working with experts like Andrew? Reach out to our team. We would love to learn more about your ServiceNow challenges and how we can help your organization build better solutions.