In this demo we show how Security Incident Response integrates with internal and external tools and applications throughout the response lifecycle. We start at the beginning, where incidents are created from various security and monitoring tools, such as QRadar or LogRhythm, feeding data into ServiceNow. As soon as incidents are created, ServiceNow automates their prioritization and assignment to ensure that high-priority items get swift attention.
We review the way Threat Intelligence pulls data from open source and paid threat feeds, as well as from your other security tools such as Tanium, to provide enrichment data to security incidents. Combined with automated enrichment through orchestration, ServiceNow works to put all the information required to make an informed and fast decision in one place.
We show how the response action is determined, either through automation based on incident attributes or through analyst input, applying workflow templates to coordinate fast and consistent incident resolution. Workflows can also automate eradication and recovery activities through existing security tools such as Palo Alto or Carbon Black.
And finally, we review ServiceNow’s robust and dynamic post-incident review process, which generates a summary of the incident activity and impact. For more information, or to talk with our team about how to get started with Security Incident Response for your organization, contact us here.