ServiceNow has announced a new integration with various Microsoft solutions to make the IT environment more secure by acting more quickly and efficiently on security incidents. ServiceNow Security Operations Solution Suite integrates with Microsoft security solutions for this purpose and uses existing integrations with Teams and Sharepoint.
ServiceNow’s goal with today’s announcements is to ensure that security incidents are handled faster. By integrating with Microsoft Azure Sentinel and Microsoft Threat & Vulnerability Management, ServiceNow’s Security Operations Solutions Suite can see in real-time when new security incidents have been detected. Security solutions from other vendors can also integrate with ServiceNow, some working out-of-the-box and some manually via a Spoke integration.
As soon as an incident is detected, automatic actions can be taken and involve members of the security team. For example, ServiceNow mentions creating a group on Microsoft Teams with multiple members to address the issue. However, this is something you would only want for large or critical incidents. Otherwise, the security team will be in hundreds of groups in a large organisation. For smaller incidents, ServiceNow could deploy a task within Sharepoint. The level of the incident will be essential for these kinds of automation.
Although the announcement is primarily about Microsoft solutions, ServiceNow has also been integrating with, for example, Slack, WebEx and various other collaboration tools. The Security Operations Solution can also turn incidents into tasks in these solutions or into a Slack Group, which is also very popular at many organisations.
Bringing together incidents from different security tools in a single pane of glass
The ultimate goal of this ServiceNow solution is to integrate as many individual security products as possible so that all incidents can be managed better and followed up faster and more efficiently. How incidents are followed up will differ from company to company. Still, if a company does not have a central portal for managing all the various solutions, there will be security incidents that remain unresolved for too long. Which in turn creates the necessary additional risks.
The importance of security in today’s world, where people work in many different locations, cannot be stressed enough. Implementing extra security solutions is, therefore, something that happens at a lot of companies. Just make sure that incidents are followed up efficiently and fast enough. Check whether the right steps have already been taken. Keeping an eye on ten different control panels is simply not desirable.