Changing the approach to security automation and cooperation

Michael Santarcangelo | March 23, 2016
Sean Convery shares his experience and insights on how security leaders can improve security automation and coordination with other teams, and boost their posture

How does this approach improve the ability to measure security?

Because IT and Security are using a single platform from the creation of an incident to the post-incident review, every aspect of remediating security issues can be measured. This holds the overall organization accountable for solving problems quickly, and simple executive dashboards can clearly communicate security posture and how the organization's security posture is trending.

ServiceNow Security Operations provides a standard interface layer that allows virtually any security element or threat data feed to integrate into the combined solution and create or provide context on an incident. Organizations get role-based dashboards, providing real-time trending data necessary to understand whether an organization is effective in securing their enterprise. It also includes an executive dashboard showing team productivity, existing gaps and overall security posture.

This lets security teams leverage their existing investments in their security infrastructure and tools while augmenting the information and correlation and alerting from those tools with rich business context. Security information and event management (SIEM) solutions, vulnerability and threat assessment tools, analytics engines, and advanced intrusion detection systems easily integrate with the ServiceNow platform and can trigger incidents or map to records in Security Operations.

The broader ServiceNow platform delivers additional enterprise capabilities that teams can leverage right away, such as built-in service level agreement (SLA) thresholds, skills-based routing, notifications, advanced workflow, and live collaboration. The platform also isolates security events from the rest of the system, ensuring that sensitive security incident data remains confidential.

What can a security leader do today to get started in the right direction?

Although organizations are heavily invested in the latest detection and vulnerability technologies, they've neglected a critical step -- formalizing their teams' incident response and connecting it with IT.

So there are two key takeaways for security leaders: you cannot rely on emails, phone calls and spreadsheets to manage security incidents and vulnerabilities for today's hybrid IT architectures; and you need to bridge the long-standing gap between your security teams and IT operations. Manual processes, cross-team hand-offs, and siloed point solutions hinder the security team's ability to efficiently respond to attacks or assess and remediate vulnerabilities. The lack of business context for the affected service or asset further exacerbates the problem by treating all threats equally, making it difficult to focus security teams on high priority attacks with the greatest impact to the business.

Creating workflows and implementing process automation, whether they work with us or not, is critical to effective security response, streamlining remediation and clearly measuring their security postures.

Source: CSO

 
