TrustRadius: an HG Insights company

ServiceNow Security Operations

Score8 out of 10

6 Reviews and Ratings

What is ServiceNow Security Operations?

Built on the Now Platform, the ServiceNow Security Operations application bundle, available in the Standard, Professional, and Enterprise bundles, supports SecOps with security orchestration, automation and response (SOAR) platform. Higher tier plans integrating ServiceNow's own proactive vulnerability management capabilities, and threat intelligence services, and boasts security workflows through integrations with other security services.

Read more details.

Product Demos

Who Buys & Uses ServiceNow Security Operations

Robust SecurityOps tool

Use Cases and Deployment Scope

We were using ServiceNow Configuration Management Data Base (CMDB) and ticketing modules hence it was somewhat logical for us to have the ServiceNow Security Operations module to have seamless integration and consequently operational efficiency. In addition, I have built incident response automation playbooks using this module.

Pros

  • Excellent integration with ticketing and CMDB module
  • Ability to manage configuration changes to minimize security impact
  • Can build incident response playbooks for scenarios
  • Automation of workflows inside of security operations for escalations specifically

Cons

  • Even though I mentioned that we built incident response playbooks, we found the learning curve to be steep, having drag and drop or something similar to this would be appreciated

Return on Investment

  • Well controlled change control process management leading to fewer failures in production
  • Reduction in the meantime to identify security issues leading to better resolution times
  • Automation of incident response workflow/playbooks

Usability

Alternatives Considered

Splunk Enterprise Security

Other Software Used

BMC Helix Discovery

Service now Security center operations review.

Use Cases and Deployment Scope

We are using a service now security operations center to monitor our network resources, since my team works in the cloud it can detect any performance or abuse of our network resources. An incident is automatically logged on to service now from which we can check and resolve the incident. We have the option to perform a complete root cause analysis of the problem and also threat intelligence provides us a scope to gain more knowledge about the security incidents.

Pros

  • Automatically creates a ticket for security incidents.
  • Complete root cause Analysis of the problem.
  • Ability to provide more knowledge because of threat intelligence.

Cons

  • Integration with other third party applications.

Most Important Features

  • Threat analysis.
  • Ability to create automatic incidents.

Return on Investment

  • Positive ROI since most of the security incidents can be closed via a security centre.