Skip to content

Security Operations in the ServiceNow Rome Release

Security Operations in the ServiceNow Rome Release

In this article, I’m going to highlight the features and updates in Security Operations (SecOps) in Rome. The new release of ServiceNow just went live in late Q3. An overview of all updates can be found here. Some of the features are already available, because Vulnerability Response and Security Incident Response are updated more frequently than the platform. 

I would like to highlight the major additions and improvements that are coming in the release:

Security Incident Response and Threat Intelligence

Microsoft Azure Sentinel Incident Ingestion integration

 Microsoft Azure Sentinel Integration

What is Microsoft Azure Sentinel? Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

In the Rome Era, it’s now possible to automate mapping of Azure Sentinel incident fields to Security Incident Response fields. This would help to Unify and standardize incident tracking and automate incident status updates for SIR incident creation and closure.

Zscaler for Security Incident Response integration

Zscaler security tags on ServiceNow Security Incident

Zscaler helps companies migrate to the Cloud. This new integration connects Zscaler with the ServiceNow Platform. It will help you with insights into your organization’s internet usage and enterprise security environment. 

It’s worth noting the advantages of Zscaler integration:  

  • Enables rapid triage and threat investigation with Threat Look-up and Sandbox Reports. 
  • Malicious domains and URLs can be automatically blocked to quickly contain a threat. 
  • Automated security incident creation from Zscaler Patient 0 alerts for immediate Analyst action

Other new features

There are several other new features I would like to highlight in Security Incident Response: 

  • Major Security Incident Response. A new dedicated workspace and channel management (via Microsoft Teams).  
  • Quick start tests for Security Incident Response. They will help verify that SIR is working as expected after updates or changes. 
  • MISP integration for SecOps. Malware Information Sharing Platform integration would help improve targeted attacks investigation and lower number of false-positives.

Vulnerability Response

Microsoft TVM Integration

Vulnerable Item sourced from MicrosoftvTVM

Threat and Vulnerability Management by Microsoft is an application for vulnerability scanning. This integration allows you to import those vulnerabilities into the ServiceNow platform.

TVM integration will help people working on Vulnerability Response with enhanced information. It was developed together with Microsoft. 

ServiceNow-initiated rescan support for Qualys and Rapid7 Integrations

New functionality saves time for people working with Vulnerability Response in a big way. Remediators are now able to get a confirmation scan immediately after they conclude their tasks. There is no need to wait for the scheduled scan anymore. Users can manually initiate a re-scan with a button click. There is also a possibility to trigger re-scan automatically when a vulnerability item or vulnerability group is resolved.

Veracode SAST Integration for Application Vulnerability

 Application Vulnerabilities Dashboard

Lately our world has seen an increase in vulnerabilities connected to applications. In response, Servicenow is increasing support for Application Vulnerability Response in the Rome Era. New integration allows ingestion of Static Application Security Testing data. This increases visibility and improves management of SAST vulnerabilities. 

Other new features in one line

  • Updates to integrations with Tenable, Rapid7, Red Hat, Qualys 
  • Quick start tests for Vulnerability Response. They will help verify that VR is working as expected after updates or deployments.

Rome SecOps: Closing notes

ServiceNow is constantly evolving and developing new functionalities to keep up with new trends and strategies. This applies especially for Security Incident Response and Vulnerability Response, which is even more agile, having new functionality released on a monthly basis.

Contact us if you want to stay up to date or are looking for professional ServiceNow support.  

Disclaimer: Information and screenshots used in this article are coming from official ServiceNow documentation released for the Rome upgrade and official documentation of the integrated third-party tools.


Certified ServiceNow Experts at your service

ServiceNow can empower your employees and clients with digitalized workflows, and Devoteam, as the #1 preferred Partner in the EMEA, is eager and ready to help make your digital transformation journey a success. Ready to see what we can bring to the table?