Natasha Gupta
ServiceNow Employee

A year ago, many of us became remote employees practically overnight, and as we demanded that Security and IT teams deliver and secure digital transformation at lightning speed, we inadvertently created the perfect storm for cyber threats! Teams were already stretched thin, juggling multiple tools and limited resources, and this pushed them even further. In a recent survey by ESG, 63% of security professionals believe cybersecurity analytics and operations are more difficult than they were two years ago because of factors like the increasingly dangerous threat landscape, the volume of security data needed for analysis, and an overwhelming number of security alerts and vulnerabilities that need to be triaged, prioritized, investigated, and acted upon.

In the Quebec Release, we’ve delivered new developments to help address these challenges. Read more to learn about our latest releases for SIR and VR.

For ServiceNow Security Incident Response (SIR):

MITRE ATT&CK: The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a knowledge base of cyberattack tactics and techniques used as a foundation for the development of specific threat models and methodologies. This new SIR capability maps incidents to the MITRE ATT&CK framework to provide advanced context on attacks and helps reduce the overall attack surface.

By combining this framework with SecOps Incident Response, security analysts gain an adversary's perspective not only on their defences but also on what the next act against them will likely be, so they can anticipate a bad actor's next move. With this capability, organizations can use MITRE information to:

  • Speed up the analysis of Security Incidents by leveraging the mapping of TTPs
  • Obtain detection coverage insight of MITRE techniques
  • Improve threat hunting capabilities by leveraging relations between TTPs, SIRs & observables


For more in-depth information about MITRE and ServiceNow’s capabilities, check out this article for use cases and a technical overview. We also recommend this video for a demo of implementing MITRE with ServiceNow.
(SIR Professional or Security Operations Enterprise Licensing required)

Automated Malware Sandbox URL and File Enrichments with CrowdStrike Sandbox Integration: Today, when a security incident is received, observables can be sent to Threat Intelligence solutions for a verdict. But what if an observable is suspicious, but not definitively malicious? Our new integration with CrowdStrike Falcon Sandbox allows security analysts to remotely detonate file and URL observables automatically and report on the findings directly within the security incident. This automation allows security analysts to reduce the time to security incident resolution.

(SIR Professional or Security Operations Enterprise Licensing required)

Quickly Close on Incidents with Secureworks Incident Update and Resolution: This integration automates incident creation from Secureworks incidents/tickets and allows the MSSP to ingest incidents from Secureworks and automate the process in SIR. With this MSSP integration, tickets are handled by the Secureworks SOC first (Tier 1), and escalated tickets have corresponding incidents in SIR, giving customers the ability to seamlessly manage incidents across Secureworks and SIR.

This integration enables users to:

  • Map incident ticket and event fields
  • Synchronize SIR work notes and Secureworks comments
  • Bi-directional integration capability.

(SIR Standard Licensing required)


For ServiceNow Vulnerability Response (VR):

New Tenable Integration for Vulnerability Response: Given the growing interest in vulnerability response, Tenable and ServiceNow are offering an additional option for integrating Tenable’s data feeds into ServiceNow Vulnerability Response. The new application, Vulnerability Response for Tenable, developed and supported by ServiceNow, was built using ServiceNow best practices and validated by Tenable to meet complex customer requirements. The app provides our joint customers with a new option to establish and manage their security-IT workflows, while ensuring they still have the insights they need to execute on a risk-based approach to vulnerability management. (VR Standard Licensing required.)


Gain Actionable Insights into Application Vulnerabilities: The 2020 Verizon Data Breach Investigations Report indicated that web applications are the top assets involved in breaches, at more than 40%. Our new Application Vulnerability Management feature integrates with Veracode to scan for DAST (Dynamic App Security Testing) results and determine the riskiness of the vulnerability. It enables vulnerability teams to centralize all the data and get full visibility into vulnerability exposure across applications, configurations, and infrastructure. It prioritizes findings based on business risk so you can more quickly orchestrate response. (Requires ServiceNow VR Professional or Enterprise.)

Vulnerability Assignment Recommendations: Security and IT teams face an increased volume of vulnerabilities complicated by a sprawling list of people responsible for remediation. Our new feature for vulnerability assignment recommendations helps teams optimize and align the right stakeholders quickly. Machine learning identifies the most appropriate remediation teams for each vulnerable item by predicting ownership based on asset and vulnerability data. It also auto-learns from ongoing assignment selections and can be easily trained with a few clicks to improve accuracy. Additionally, the access to unstructured vulnerability and asset information enriches the triage and remediation process. (Requires ServiceNow VR Professional or Enterprise.)

 

To learn more, check out the Quebec Release Notes, engage with the active Security Operations Community, or contact your sales team.

Join us for the Now Platform Quebec event.

Register below to attend the Now Platform® Quebec release broadcast and hear about more capabilities to deliver cross-enterprise digital workflows that connect people, functions, and systems to accelerate innovation, increase agility and enhance productivity.

Your event time will be automatically set based on the country selected during registration.

AMS/EMEA: March 18 at 8 am PT/11 am ET/3 pm GMT
APJ: March 23 at 2 pm AEDT/12 pm JST KST



© 2021 ServiceNow Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, Now Platform, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated. 

Last update: 01-29-2021 02:38 PM