Lean On Automation
Hackers frequently look at crises as an opportunity, and COVID-19 is no different. The volume of alerts and incidents, each taking longer and longer to investigate, can easily overwhelm Security Operations Center (SOC) analysts.
During this time, it is recommended that companies reduce the manual effort of their SOC analysts to combat this threat. One way to do that is through automation, leaning on your current ServiceNow integrations to keep an eye on your assets.
Rather than sorting through a deluge of data, companies can send their data logs to ServiceNow from other monitoring systems.
Companies can create rules that determine how this data is normalized into events. Those events are then processed into more manageable alerts that SOC analysts can review.
Once this is done, the events and alerts will live in the same system where the Incidents and Security Incidents can be managed, and the strength of the Configuration Management Database (CMDB) can be leveraged too. For further automation, companies can leverage Operational Intelligence to analyze data for potential anomalies to prevent outages and service disruption.
As an alternative, some organizations are using IBM Netcool to streamline their incident management protocols. Getting rid of a separate platform reduces overhead, and ServiceNow has out-of-the-box connectors to work with Netcool during the transition.
During this time of uncertainty, Event Management can greatly decrease manual monitoring of disparate tools that are vulnerable to an increased number of attacks.
ServiceNow is scalable long term, building a solid foundation upon which other systems can be built. Also, Event Management works well with other ServiceNow products already in use, from Security Incident Response and Vulnerability Response to Incident in ITSM.
Automation is not one size fits all, but organizations that manage these upgrades effectively will realize some of the same benefits, such as increasing the number of Security Incidents resolved and decreasing the amount of time it takes to identify these Security Incidents.
Solution Architect at Cask
Zack is a ServiceNow Solution Architect with a focus on UI & UX, extensible solutions, and ITIL best practices. He is skilled at generating buy-in from executive leadership and breaking down technical concepts through explanation, flowcharting, and example. As an architect, he has successfully worked with and managed onshore and offshore resources for global organizations.