As the San Diego release went to go live in March 2022 now would be a good time to take a look at some of the key features that await ahead in the realm of SecOps. The features we will be discussing are available as of the San Diego release.
Security Incident Response
The following are a few key features coming to Security Incident Response with the latest San Diego release. Generally, they are designed to help inter-team collaboration and improve the efficiency of resolution.
Major Security Incident Management
A key update is a separate workspace for Major Security Incidents, or a so-called Virtual War Room, where security managers can coordinate the collaborative response to the major security incidents much faster. You can also take advantage of task management for security, IT, and non-IT personas as well as summary metrics to see and evaluate the state of the MSI. Additionally, there are also workflows for Microsoft Teams and evidence management with Microsoft SharePoint integrations. This has been a long-awaited feature and the need for it has only been proved by the Log4j issue. Now all teams within an organization will be able to collaborate effectively to ensure a timely response to a crisis.
Expanded Threat Intel and Collaboration Integrations
Integrations for Microsoft Teams and SharePoint are available to you as of the San Diego release to improve cooperation when dealing with major security incidents.
Another integration has been made available in SIR San Diego to aid security analysts in the management of and response to incidents using MISP (an open-source threat intelligence platform) for rapid triage and threat investigation.
And the last one is SentinelOne which syncs threat information and provides analysts with orchestration tools for the response.
Let us pinpoint the key features for Vulnerability Response coming in the San Diego release, incredibly improving the resolution time, cooperation among your teams, and security of your instance.
Vulnerability Workspaces for IT and Vulnerability Managers
As the number of vulnerabilities grows, security and IT teams may struggle to cooperate in terms of prioritization of items and actions that need to be taken. The workspaces for the Vulnerability Response introduce a centralized environment revolving around IT-remediation data to make cooperation and prioritization of the security and IT teams much easier. The workspaces improve the effectiveness and resolution time of high-priority remediation tasks. The workspaces enable transparent and real-time communication to improve the investigation and response time.
Tenable.io integration for Configuration Compliance
Now you can leverage standard Configuration Compliance data import with the Tenable.io integration in the latest release. In addition to using Tenable.io to import vulnerability data into your instance, you will be able to import critical configuration data as well, such as configuration test failures, to manage potential misconfiguration and narrow the attack surface. Based on the risk score calculator, Configuration Compliance prioritizes test failures and integrates with your ITSM to create change requests for asset owners.
Penetration Testing support and Wiz Integration
Moving or expanding to the cloud and developing custom applications comes with risks as well and companies may have trouble with managing their attack surface. Application owners can import penetration testing and integrate ethical hacking into their applications which improves the collaboration between Application and Ethical hacking teams. Additionally, you can utilize a cloud risk identification and assessment tool called Wiz to import vulnerability data and prioritize, assign and monitor remediation efforts.
Don’t hesitate to contact us to receive the most actual information regarding ServiceNow and its products. Feel free to reach out in case you are interested in a demo or professional services.