Lou Fiorello on building security in the business value chain, CIOSEA News, ETCIO SEA

Lou Fiorello on building security in the business value chain

Faced with aggressive digitization, cybersecurity teams are under increased pressure to ensure they can operate at the same speed while increasing their capacities. With these goals in mind, security leaders have initiated enterprise-wide collaboration initiatives that are transforming capabilities with new cybersecurity operating models, enabling technology platforms that combine multiple innovations and ultimately deliver greater business value.

Therefore, it is important to decode how organizations can develop optimal security infrastructures and policies within their business value chains to keep themselves highly secure and combat ever-evolving business risks of tomorrow. To help us understand its importance, Lou Fiorello, VP and GM – Security Business Unit, ServiceNow joined us as a keynote speaker at the SecOps Summit 2022, where he gave us industry insights on this. Lou has over twenty years of experience developing security strategies for industries. Here’s what his keynote contained:

Why security and collaboration are important to business

Log4Shell is the latest example of a critical vulnerability, and ransomware has been on the rise since threat actors began developing emerging attack-tech to engage in data breaches, information compromises, and organizational thefts. This year has also seen several major geopolitical events arise from cyber warfare, enabled by various sophisticated threats that cybercriminals use to compromise national security. A string of supply chain attacks is also a notable trend in the cyber attack spectrum this year. Among the various types of cyber attacks and crimes, the main point that security professionals must understand here is that merely detecting these threats is not enough.

The real challenge lies in addressing these threats in an entrepreneurial way. Security teams may know what to do with a new threat, but face significant implementation hurdles in the broader enterprise. There are traditionally many silos between security and IT as well, which drive many inefficiencies. Breaking down those silos will drive greater collaboration across the enterprise and help to achieve better security outcomes to address all of these emerging threats.

Three examples of cooperation

Improved collaboration can drive better security outcomes – that’s setting the stage.

A key element of collaboration within security is visibility. Teams working together in any organization need to be on the same page in terms of key information on the work they are doing.

Once that foundational element is in place, there is a series of workflows that can drive better collaboration across businesses to improve security outcomes. The action system includes:

Basic Security Incident Management (Ransomware)

The challenge:

ServiceNow worked with a large US healthcare company on their major security incident management challenges. Major incidents require extensive discussion and task management across multiple teams, for example, different security teams, PR, legal, and HR, depending on the type of incident. The company tracks its incidents in Excel spreadsheets and lacks coordinated remediation for events. Because these foundational capabilities are missing, it sees major problems with tracking progress and status reporting.

The solution:

The virtual command center is a dedicated workspace for major incidents and acts as a task manager to have a system of record and action to drive results. This can be the basis of visual task boards to understand the overall tasks needed to drive these incidents toward resolutions.

DLP Incident Response (Insider Threat)

The challenge:

Having worked in one of the top ten global banking institutions, the company has noticed challenges on many fronts. First, there are usually multiple data loss prevention scanning solutions at different control points: cloud, endpoint, email. Second, the workload of the DLP analyst can be very high: thousands of incidents on a monthly basis! And last but not least, there is a challenge in linking events interdepartmentally to an incident.

The solution:

Here, again, collaboration across the enterprise in terms of what needs to happen, and ultimately giving those security risk owners the ability to understand the outcomes and the action to pull is critical to driving the change.

DLP consolidates various alerts and information into a single pane of glass to understand what is happening across the enterprise. This drives a consistent process in terms of SLAs and notification of those incidents, to aid analyst efficiency and productivity. And it drives workflows across security, DLP departments and other organizations for data rest use cases, to monitor everything in one system. Again, an example of enterprise-wide collaboration to improve security outcomes.

Vulnerability Response (Log4Shell)

The challenge:

In the spectrum of everyday vulnerability challenges, most companies have hundreds and thousands of open vulnerabilities across their enterprise environment. Especially the ones that can come in a moment. Triage and assignment of those is often manual and uses tools embedded in the exposure.

The solution:

Specifically for Log4Shell, they observed a process with security teams and functions on the left and IT vulnerability remediation owners on the right. A single workflow spans both sides: vulnerabilities are discovered on the left side, prioritized by asset and threat landscape information, then analyzed and automatically assigned to application owners in the middle of the process. Once the remediators receive them, they have a workflow to drive resolution, exception management, or identify vulnerabilities and send them back to the teams. This end-to-end process helps drive remediation and improves SLAs, which didn’t exist with earlier tools.

This common workflow has been instrumental in improving vulnerability response and remediation, both for day-to-day operations and critical vulnerabilities such as Log4Shell.

How ServiceNow can help

As a foundation for collaboration is critical, with layers of integration between DLP and collaboration tools, ServiceNow includes native capabilities for customers to transform these integrations. The platform offers a full range of integration services and a full range of workflow and case management services, with both manual and automated workflows, plus an added common experience layer.

Lou concluded the session by adding that ServiceNow hopes to drive collaboration based on their foundational platform, and integrate better security workflows. He said, “Enhanced collaboration can drive better security outcomes and the company is uniquely positioned with its platform strategy to drive outcomes for security teams.”

To witness more exciting panel discussions and fireside chats on the various nuances of security operations, join the SecOps Summit 2022 happening today! Find out more about the day’s agenda and register here.
