In today’s fast-paced digital world, the significance of cybersecurity cannot be overstated. As the business environment continues to evolve, cyber threats only grow more intricate. The ServiceNow Washington DC release confronts these challenges head-on by introducing a range of advanced features that address this complexity strategically.
Vulnerability Response
Security Posture Control
Security Posture Control (SPC) is a comprehensive framework that enables IT and cyber security teams to manage and optimise an organisation’s security posture. Security teams now analyse and manage a huge amount of data, and it is not uncommon for some assets to slip through the cracks: lacking endpoint protection, being poorly managed, or becoming exposed to the internet. To close these security gaps, ServiceNow introduced the SPC tool, which can discover not only infrastructure assets but also cloud assets.
Leveraging Service Graph Connectors, the SPC evaluates asset security by interfacing with various IT and security tools. It detects security gaps, such as a workstation without endpoint protection, through targeted data queries. SPC automatically triggers a remediation workflow in ServiceNow to address this gap. The task of installing endpoint protection is assigned to the relevant team. This streamlined process enhances the organisation’s security posture efficiently.
Vulnerability Emergency Response
Vulnerability Emergency Response (VER) serves as a unified command centre for managing vulnerability crises, integrating seamlessly with SecOps products. By harnessing the power of Major Security Incident Management and Asset Exposure Assessment, VER delves deep into the lifecycle of critical events, offering a comprehensive overview from detection to resolution. In this dedicated workspace, vulnerability event managers have a simplified, yet powerful platform at their fingertips. Here, they can effortlessly oversee the status of critical vulnerabilities, prioritise risks based on their severity, and collaborate extensively with teams across the organisation. This streamlined approach significantly reduces response time to a minimum.
New Cybersecurity Executive Dashboard
In addition to the existing CISO dashboard, which is more operational, ServiceNow has introduced the Cybersecurity Executive Dashboard, which presents the statistics from a business perspective. The new dashboard provides a centralised view of security status where executives can benchmark security and risk metrics, enabling them to report successes, support budget planning effectively, and more.
By installing a separate plugin for this workspace dashboard, executives gain wide visibility into the organisation’s vulnerabilities, configuration compliance, security incidents, and employee readiness. Moreover, it allows business unit-specific risk assessments, setting targets, or integrating with third-party tools for phishing simulation data. Opting into ServiceNow Benchmarks further enriches the dashboard with KPIs, trends, and comparative insights relative to the industry averages of peers.
Security Incident Response
Threat Intelligence Security Center, brand new full-blown application
Great news from ServiceNow! Threat Intelligence Security Center (TISC) launched into Controlled Go-To-Market mode on February 1st, 2024. A carefully crafted workspace with a plethora of new features enables threat hunters and analysts to collaborate, share intelligence, and take action against threats. Make no mistake, this is a completely new tool in your toolset. The solution further empowers your war room with a deduplication capability for disparate threat feeds, and lets you enrich them with your own tailored Threat Score Calculator or with internal intelligence coming from SIR, VR, or CMDB to come full circle.
With a feature called Threat Analyst Workbench, your cyberthreat intelligence professionals will harness platform power by utilising Case management. Case tasks can be assigned to analysts, threat hunters, or security incident response teams. MITRE ATT&CK framework integration can be utilised to tag cases with relevant tactics, techniques, and procedures. In essence, this Workbench brings an integrated capability to the table and transforms scattered threat data into a strategic asset, enhancing the precision and speed of security operations.
Make conference calls directly from the workspace
ServiceNow has further expanded its capabilities and can now facilitate seamless conference calls directly from the Major Security Incident Management (MSIM) workspace. This feature enables team members, customers, and other stakeholders to join discussions that expedite the resolution of security incidents. Security Managers can initiate calls using Microsoft Teams, Cisco Webex, or Zoom to streamline the remediation workflow. After successful integration with a third-party provider, the feature is available from the Major Security Incident Management Workspace. Selecting an MSI from the list generates participant recommendations to smooth the process further. Calls and meetings can then be captured and archived for future reference.
New playbooks
As usual, ServiceNow enhances SIR with new playbooks. The Washington DC release continues this tradition with ten new playbooks, including:
- Playbook for Okta User Login Failures from Multiple IPs – Triggers an alert when login failures occur for ServiceNow user IDs from more than three non-ServiceNow IP ranges within a 1-hour period.
- Playbook for Successful VPN Attempts from the Service Accounts – Service accounts aren’t supposed to have login events from a VPN, and such events could be indicators of either brute force or possible exposure of the account’s credentials.
- Playbook for T1003 – Defense Evasion – Mimikatz DCShadow – DCShadow is a feature in Mimikatz that simulates the behavior of a Domain Controller to inject its own data, bypassing most of the standard security controls.
ServiceNow is extending an already capable list of available playbooks, such as Automated Phishing Response, Malware Outbreak Response, insider threat playbooks, and the Denial of Service (DoS) Attack workflow, all of which are convenient and easy to deploy.
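The trigger condition described for the Okta login-failure playbook can be sketched as a sliding-window check over authentication events. This is an added example, not ServiceNow's playbook logic: the corporate ranges, the grouping of external IPv4 sources into /24 "ranges", the event layout and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed values: corporate ranges, /24 bucketing and event layout are illustrative.
CORPORATE_RANGES = [ip_network("10.0.0.0/8"), ip_network("192.0.2.0/24")]
WINDOW = timedelta(hours=1)
THRESHOLD = 3  # alert on MORE than three distinct external ranges

# Constructed sample events: (timestamp, user, source IP, outcome).
SAMPLE = [
    ("2024-03-01T09:00:00", "alice", "198.18.1.10", "FAILURE"),
    ("2024-03-01T09:10:00", "alice", "198.18.2.20", "FAILURE"),
    ("2024-03-01T09:20:00", "alice", "203.0.113.5", "FAILURE"),
    ("2024-03-01T09:45:00", "alice", "198.51.100.7", "FAILURE"),
    ("2024-03-01T09:00:00", "bob", "198.18.1.10", "FAILURE"),
    ("2024-03-01T09:30:00", "bob", "198.18.2.20", "FAILURE"),
    ("2024-03-01T10:00:00", "bob", "203.0.113.5", "FAILURE"),
    ("2024-03-01T10:31:00", "bob", "198.51.100.7", "FAILURE"),
    ("2024-03-01T09:05:00", "carol", "10.1.2.3", "FAILURE"),
]

def external_range(ip):
    """Return the /24 bucket of an external IPv4 address, or None if corporate."""
    addr = ip_address(ip)
    if any(addr in net for net in CORPORATE_RANGES):
        return None
    return ip_network(f"{addr}/24", strict=False)

def detect(events):
    """Map each alerting user to the external ranges seen within one hour."""
    failures = defaultdict(list)
    for ts, user, ip, outcome in events:
        bucket = external_range(ip) if outcome == "FAILURE" else None
        if bucket is not None:
            failures[user].append((datetime.fromisoformat(ts), bucket))
    alerts = {}
    for user, rows in failures.items():
        rows.sort(key=lambda r: r[0])
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > WINDOW:  # keep span <= 1 hour
                start += 1
            ranges = {bucket for _, bucket in rows[start:end + 1]}
            if len(ranges) > THRESHOLD:
                alerts[user] = sorted(str(r) for r in ranges)
                break
    return alerts

print(detect(SAMPLE))
```

In the sample, bob also fails from four external ranges, but never more than three inside any single hour, so only alice alerts; carol's failure comes from a corporate range and is ignored.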
——
Do not hesitate to contact us with any questions or if you would like to implement any of the above-mentioned features.