London Spotlight: Get ahead of the SecOps curve with better UI, training, and integrations
Is your company behind the mark when it comes to information technology security? Are an excessive amount of incidents coming from several disparate systems? Do you lack the resources to handle the intake and prioritization of these incidents? Is your IT security staff getting younger by the second and accustomed to using a modern user interface (UI) to complete IT tasks?
My guess is that your answer to most of these questions is a “yes” regardless of how secure your current environment may be. The good news is that ServiceNow’s recent London release is focused on better experiences and has several security operations updates that will make even the most overworked IT veterans sit up and take notice.
Rapidly access insightful and actionable security incident data
New UI with the Security Analyst Workspace
From the updated ServiceNow dashboard, security analysts can now switch their view to the new Security Analyst Workspace.
This tile-based UI has a refashioned, intuitive look and feel that’s built for newer users of the ServiceNow platform and those looking to configure a widget-based interface to their liking.
So how exactly does this add value? As soon the SecOps application is launched, security analysts get an instant preview of open security incidents complete with vital information without even having to click into the record.
Furthermore, the user can construct how the information stored in the incident is visualized. Before, it was simply set up as a related list. And a new “peek” feature allows for quick browsing of incident artifacts, which speeds up investigation and gets the team focused on containment and resolution more quickly.
Here’s an instance of the new Security Analyst Workspace:
Using the peek feature of the Security Analyst Workspace:
Built-in playbook offers hands-off training opportunity
ServiceNow’s built-in playbook feature contains standard operating procedures to assist junior analysts in resolving security threats such as phishing attacks or other vindictive activities. This offers a simple yet effective solution for training newer security analysts without taking time away from your more experienced staff.
Check out the ServiceNow playbook:
Instead of being licensed, these Security Incident Response (SIR) features actually come with the platform and simply need to be turned on through the HI portal . We expect ServiceNow to develop even more functionality for these features to further help security teams get to the bottom of incidents with a quickness.
Easily integrate SIR, VR, and Qualys
Get up and running quickly with SIR and VR
ServiceNow is known for providing great setup assistance and guidance. Now you’ll have the opportunity to participate in a similar experience in both the SIR and VR (Vulnerability Response) modules through the Setup Assistant.
Setup Assistant will walk you through the setup processes (including integrations) with step-by-step instructions. No more wasted time stumbling along trying to figure out which capabilities need specific configuration or what permissions are needed in order to configure them.
Additionally, ServiceNow’s guidance tool provides your implementation team with helpful tips and tricks regarding the best settings for your environment.
Whether you’re implementing on your own or through a third-party partner such as the engineering team at Cask, you’ll be up and running in no time flat.
Setup Assistant uses a simple UI to complete complex processes:
Haven’t heard this term before so just making sure it’s the right phrase.
Set up Qualys with Multi-Source Support
Qualys, the scanning platform for vulnerability checking, is currently the first third-party integrator that utilizes ServiceNow’s new Multi-Source Support feature. That means no more complicated customizations to support multiple instances of Qualys.
This is huge. You can now add all deployments of your Qualys Cloud Platform as integrations. When assets and corresponding vulnerabilities are discovered by several Qualys deployments, they will be consolidated and reconciled within your CMDB. Overlapping scan processes are no problem. The Qualys vulnerability KnowledgeBase will ensure that all records are normalized and provide an uncomplicated single source of information—therefore no duplication of vulnerabilities across deployments. We believe that’s configuration compliance at its best!
Qualys integration is easier than ever before:
ServiceNow has developed excellent functionality in the SecOps space by providing security analysts with a better experience, guiding new analysts through typical security threats, speeding up and reducing the cost of implementation, and taking the difficulties out of having more than one Qualys deployment in your environment.
If you’re interested in understanding these new features better or want to learn about other new VR capabilities including CI Lookup Rules, Discovery Items, the Vulnerability Roll-up Calculator, and new Risk Score Enhancements—just contact us at Cask! We’re happy to provide everything from consultation to end-to-end setup to make sure your IT security team is able to keep up with digital transformation.