ServiceNow is committed to creating great experiences for our customers and employees. In every area of our company, we’re using digital technology to transform the way we work, how we interact with our customers, and how we run our business. ServiceNow takes cybersecurity seriously. It’s why we use our own Security Operations for security incident response and vulnerability response.

Accelerating Security Operations

ServiceNow takes cybersecurity seriously. Our reputation depends on it. Our customers rely on us to provide a highly-secure cloud environment for their mission-critical services and data, and we’re committed to delivering the security they demand. That’s why we have a single-minded focus on leading-edge security technology and expertise.

It’s also why we use ServiceNow® Security Operations for security incident response and vulnerability response. In fact, we have always leveraged ServiceNow to strengthen and accelerate our security processes–even before we had commercially available security products.

Meet Bob Smith

Bob Smith (not his real name) runs our security incident response team, both for our cloud and internal corporate environments. Bob and his team are instrumental in keeping our customers and business safe, successfully fending off attacks—ranging from phishing emails to sophisticated multi-vector assaults–and everything in between.

We’ve changed Bob’s name to protect his identity from hackers.

For Bob, better security started with automating our incident response processes. “Right from the outset, we used ServiceNow for security incident response. Since we didn’t have a commercialised solution at the time, we adapted our ITIL Incident Management application and built other custom ServiceNow apps to create an integrated security incident response environment. Now that we have a security operations product, we’ve transitioned to that–and we’re seeing big benefits. But we laid the foundation long before.”

Why manual processes don’t work

“Think about how most companies manage security incident response. They rely on emails and spreadsheets. Someone reports a potential incident, or a security information and event management system sends an email alert. This goes into a giant spreadsheet along with hundreds of other alerts, and somehow, you’re supposed to use this to drive things forward,” complains Bob.

“For example, how do you track status? Yes, you can add a column to the spreadsheet and update it manually, but that takes time–and people make mistakes or forget. And, you can’t have a single spreadsheet for an entire team. It just isn’t practical. Try to edit a spreadsheet when 15 other people are updating it at the same time, and you’ll see what I mean.”