Escalating cyber risk and targeted attacks are mainstream discussions for boards, regulators, the C-suite, and customers. ServiceNow is proud to announce major updates to our Security Operations portfolio that will help security teams and their IT and risk partners reduce risk and reassure stakeholders by preparing, preventing, and responding more surgically and with higher impact.
Major Security Incident Management
When the clock starts on a significant event, the dedicated Major Security Incident Management (MSIM) workspace can be your virtual war room. With its reimagined user experience, this capability improves speed, communication, and evidence handling to help you meet the high scrutiny these incidents receive and get to resolution more efficiently.
- A task organizer helps your security team manage incident response tasks within and beyond security operations, including the responsible IT and non-IT roles. Since a major incident typically includes multiple related investigations, the workspace shows you the entire picture and lets you organize response across multiple “child” security incidents.
- New Summary Metrics capture and present progress to stakeholders, including rollup of affected assets, users, locations, and team resources, as well as a timeline of significant incident milestones.
- For effective enterprise-scale coordination and record keeping, collaborative workflows automate creation of collaboration folders and chat channels, plus archival at closure. Through a Microsoft Teams integration, a chat channel manager and activity streams manage communications across groups.
- A file explorer organizes and tracks artifacts for evidence management via Microsoft SharePoint.
More MITRE ATT&CK
According to ESG Research, “81% of security professionals claim that the MITRE ATT&CK framework has become an increasingly important component of their organization’s security hygiene and posture management.” The latest release of Security Incident Response expands our MITRE ATT&CK support to provide more proactive analysis, response, and reporting on threats across your security infrastructure:
- Mitigation coverage mapping and associated heatmap views to help you see where you have gaps against the most likely adversary activities
- Threat actor to tactics, techniques, and procedures (TTPs) mapping to help pinpoint connections between what you are seeing and likely adversaries and intentions
- Threat actor heatmap view for visibility into the number of threat actors using a specific technique for an attack for even greater context and prioritization
- Detection rule to TTP mapping, plus display of relevant Vulnerable Items in the context of MITRE ATT&CK, gives you a one-to-many mapping between detection rules and techniques to improve your understanding of your attack surface and guide hardening
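To make the mapping and heatmap concepts above concrete, here is an added Python illustration (not ServiceNow code) of the underlying analysis: count how many threat actors use each technique, check each technique against one-to-many detection-rule and mitigation mappings, and rank the uncovered, most-used techniques first. The actor names, rule names and mitigation names are constructed; the technique IDs are real ATT&CK identifiers.

```python
from collections import Counter

# Constructed sample mappings for illustration only (not product data).
# Technique IDs are real ATT&CK IDs; everything else is made up.
ACTOR_TTPS = {
    "actor-alpha":   {"T1566", "T1059", "T1078"},
    "actor-bravo":   {"T1566", "T1486"},
    "actor-charlie": {"T1059", "T1078", "T1486"},
    "actor-delta":   {"T1486"},
}
# One detection rule may cover several techniques (one-to-many mapping).
DETECTION_RULES = {
    "phish-attachment-sandbox": {"T1566"},
    "suspicious-powershell":    {"T1059"},
}
MITIGATIONS = {
    "mfa-everywhere":          {"T1078"},
    "user-awareness-training": {"T1566"},
}


def technique_actor_counts(actor_ttps):
    """Threat-actor heatmap input: number of actors observed using each technique."""
    counts = Counter()
    for ttps in actor_ttps.values():
        counts.update(ttps)
    return dict(counts)


def coverage_gaps(actor_ttps, detections, mitigations):
    """Rank techniques by actor count, then by how little coverage they have."""
    detected = set().union(*detections.values())
    mitigated = set().union(*mitigations.values())
    rows = [
        {"technique": t, "actors": n,
         "detected": t in detected, "mitigated": t in mitigated}
        for t, n in technique_actor_counts(actor_ttps).items()
    ]
    # Most actors first, then least coverage, then technique ID for stable output.
    rows.sort(key=lambda r: (-r["actors"], r["detected"] + r["mitigated"], r["technique"]))
    return rows


def uncovered_techniques(rows):
    """Techniques with neither a detection rule nor a mitigation mapped to them."""
    return [r["technique"] for r in rows if not (r["detected"] or r["mitigated"])]


if __name__ == "__main__":
    ranked = coverage_gaps(ACTOR_TTPS, DETECTION_RULES, MITIGATIONS)
    for row in ranked:
        print(row)
    print("hardening priorities:", uncovered_techniques(ranked))
```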
Expanded threat intelligence and orchestration portfolio
Rounding out our San Diego news, we are pleased to release new integrations with the MISP open-source threat intelligence platform and an integration with SentinelOne that syncs endpoint threat information and provides analysts with orchestration tools for more effective response to incidents such as a compromise.