In this article, I’m going to highlight the features and updates in Security Operations (SecOps) in Rome. The new release of ServiceNow just went live in late Q3. An overview of all updates can be found here. Some of the features are already available, because Vulnerability Response and Security Incident Response are updated more frequently than the platform.
I would like to highlight the major additions and improvements that are coming in the release:
Security Incident Response and Threat Intelligence
Microsoft Azure Sentinel Incident Ingestion integration
What is Microsoft Azure Sentinel? Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Azure Sentinel delivers security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
In the Rome release, it is now possible to automate the mapping of Azure Sentinel incident fields to Security Incident Response fields. This helps unify and standardize incident tracking, and it automates incident status updates when a SIR incident is created or closed.
Zscaler for Security Incident Response integration
Zscaler helps companies migrate to the cloud. This new integration connects Zscaler with the ServiceNow Platform and gives you insight into your organization’s internet usage and enterprise security environment.
It’s worth noting the advantages of the Zscaler integration:
- Enables rapid triage and threat investigation with threat lookup and sandbox reports.
- Malicious domains and URLs can be blocked automatically to contain a threat quickly.
- Security incidents are created automatically from Zscaler Patient 0 alerts for immediate analyst action.
Other new features
There are several other new features I would like to highlight in Security Incident Response:
- Major Security Incident Response. A new dedicated workspace and channel management (via Microsoft Teams).
- Quick start tests for Security Incident Response. They help verify that SIR is working as expected after updates or changes.
- MISP integration for SecOps. Integration with the Malware Information Sharing Platform helps improve the investigation of targeted attacks and lowers the number of false positives.
Microsoft TVM Integration
Threat and Vulnerability Management (TVM) by Microsoft is an application for vulnerability scanning. This integration allows you to import the vulnerabilities it finds into the ServiceNow platform.
The TVM integration gives people working on Vulnerability Response richer information about each vulnerability. It was developed together with Microsoft.
ServiceNow-initiated rescan support for Qualys and Rapid7 Integrations
This new functionality saves a great deal of time for people working with Vulnerability Response. Remediators can now get a confirmation scan immediately after they conclude their tasks, instead of waiting for the next scheduled scan. Users can manually initiate a rescan with a button click, and a rescan can also be triggered automatically when a vulnerability item or vulnerability group is resolved.
Veracode SAST Integration for Application Vulnerability
Application-level vulnerabilities have been on the rise lately. In response, ServiceNow is expanding its support for Application Vulnerability Response in the Rome release. The new integration allows ingestion of Static Application Security Testing (SAST) data from Veracode, which increases visibility and improves management of SAST vulnerabilities.
Other new features in one line
- Updates to integrations with Tenable, Rapid7, Red Hat, Qualys
- Quick start tests for Vulnerability Response. They help verify that VR is working as expected after updates or deployments.
Rome SecOps: Closing notes
ServiceNow is constantly evolving and developing new functionality to keep up with new trends and strategies. This applies especially to Security Incident Response and Vulnerability Response, which are even more agile, with new functionality released on a monthly basis.
Contact us if you want to stay up to date or are looking for professional ServiceNow support.
Disclaimer: Information and screenshots used in this article are coming from official ServiceNow documentation released for the Rome upgrade and official documentation of the integrated third-party tools.