Gaël Kergot, ServiceNow: From responding to security incidents to monitoring compliance and risk


ServiceNow is participating in the French Assets Stock Exchange (Assises de la Sécurité) for the first time and will showcase its complete series of solutions for responding to security incidents and vulnerabilities and monitoring compliance and risks. Gaël Kergot, Head of Security, Risk and Compliance Product Sales at ServiceNow, introduced his strategy.


Global Security Magazine: What speech will you give on the “Asset Stock Exchange”?

Gaël Kergot: Most importantly, this will be ServiceNow’s first participation in the securities market. We have the opportunity to discuss with the CISO around the two topics involved: responding to security incidents and vulnerabilities and monitoring compliance and risk (commonly referred to as “GRC” in the field). These topics are handled by two dedicated applications: security operations and governance, risk and compliance.

Participants will be able to discover these applications through our customer recommendations at the ServiceNow seminar on December 12th at 12:12 pm (see below); we are participating in Newlode TechLabs, and you can meet us at booth 101.

GS Mag: What is the theme of your meeting this year?

Gaël Kergot: Operational safety: speed up response and improve management. In the past two decades, the industry has established a protection and detection system, a very necessary investment; the challenge now is to use it. If in the end we cannot effectively monitor its remedial measures, what is the point of receiving reports containing thousands of vulnerabilities? Reduce operational risk? With the emergence of alerts from all aspects, it is difficult for the security team to have a unified understanding of all these issues, to understand which issues are affecting the company’s most critical systems, and to organize the response/remediation process. IT operations.

Our seminar will address this topic and use our security operations app to get feedback from the major players in the French economy.

GS Mag: What major threats can you identify in 2018?

Gaël Kergot: The main threat we found was the inefficient response and remediation process.

To illustrate this point, I will quote the “Vulnerability Response Status” study conducted by Ponemon in 2018: Security lost an average of 12 days in coordinating patch activities (vulnerability fixes) between different teams. To make matters worse: 57% of victims were killed because of a loophole, and the loophole can be fixed. And 34% of the victims knew they were already vulnerable.

Results: On the one hand, we reduced the scope of surveillance by focusing on the most critical/exposed assets, which left the entire field of information systems unattended, and another 64% of survey respondents plan to recruit resources for monitoring vulnerabilities in the next 12 months.

But can more people be recruited to solve the problem? And what to do? To perform manual, repetitive, time-consuming tasks that are worthless and cannot fit the number considered? This is not feasible: dedicated security resources are scarce and expensive, so please use something interesting to occupy them, otherwise you may see them leave the team quickly in search of more meaningful work.

GS Mag: What are the company’s needs?

Gaël Kergot: Among other things, we think the company will have to break IT/security silos: a common and up-to-date mapping of shared assets, applications, etc. is essential (not to say ServiceNow, but ANSSI, ISO, etc.); limit the number of tools used to facilitate interaction between departments, task assignment and behavior monitoring; standardize processes, automate, and improve productivity and team satisfaction.

GS Mag: How will you develop strategies to solve these problems?

Gaël Kergot: ServiceNow is a platform that supports a set of functions needed to manage all types of requests. More specifically, in the security field, security incidents can be summarized as: repair requests, vulnerabilities, correction requests, deviations from security policies or risk analysis, etc. Despite these similarities, security has its own specific requirements and functions:

o Autonomy: The security team needs to handle its applications (security operations), configure its processes, its dashboards, etc. And this does not depend on the landing (or not dependent) of the IT team and/or ITSM project.

o Confidentiality: Security incidents and vulnerabilities are highly sensitive information that only authorized personnel can know, although its remediation is usually the responsibility of the IT team.

o Methodology: The methods and processes recommended and used for safety are different from ITIL. Analysis, isolation, and elimination of threats are the top priority, not quality and time to restore service.

o Tools: Security interacts with many security tools (SIEM/SOC, scanners, etc.) and internal and external information sources (threat intelligence, ISO reference documents, COBIT, etc.) that require specific integration.

For these reasons, ServiceNow has invested in the past 4 years and provided its customers with two applications that fully meet the specific needs of security (Security Operations and GRC), pursuing these two goals:

o Coordinate security requirements through collaboration with the extended enterprise

o Improve the efficiency of the operational safety team

o Greatly reduce operational risks

GS Mag: With the entry into force of the GDPR, “design security and privacy” has almost become crucial. What is your position in this regard?

Gaël Kergot: Customers who invest in ServiceNow can use their investment and meet most of the GDPR requirements. From now on, our platform and applications can cover a large number of use cases directly related to the application of this regulation, such as:

o Data and processing registration, links to applications, assets, etc.

o Manage compliance with GDPR requirements (inspection, questionnaire, etc.).

o Evaluation (DPIA) and sequence of necessary measures.

o Regulations for management and mitigation measures to define and monitor related risks.

o In the event of a data breach, a reporting process (72 hours) will be carried out.

o Supplier risk management, repair control and monitoring.

o Global management and dashboard of data privacy officer.

o Subject access request (SAR): the collection and management of consent, the right to be forgotten, etc.

GS Mag: What is your message for CISOs?

Gaël Kergot: If your company is already a ServiceNow user, be sure to meet us at Assises (Booth 101)!

