ServiceNow and Microsoft will provide extensive SecOps integration

Long-term alliance partners ServiceNow and Microsoft are bundling their security operations products with Teams and SharePoint. The native integration announced last week aims to make it easier for SecOps teams to detect and respond to incidents.

ServiceNow and Microsoft have gone a long way in their development work, so look forward to the first batch of deliverables next month. These integrations will provide Microsoft Azure Sentinel and Microsoft Threat and Vulnerability Management (TVM) to ServiceNow’s suite of security operations solutions. The plan also requires the integration of Teams and SharePoint. ServiceNow announced the SecOps integration at the knowledge conference held almost this year.

The ServiceNow SecOps product is broken down into two core functions: proactive workflow and automation for managing attacks and reactive detection. For passive repairs, Microsoft’s Azure Sentinel integrates with ServiceNow Security Incident Response (SIR) and promises to provide faster repairs.

Azure Sentinel is Microsoft’s new cloud hosting and managed security information and event management solution (SIEM). ServiceNow’s SIR has been integrated with other SIEMs, but since its release in the fall of 2019, more and more organizations have adopted Azure Sentinel.

Lou Fiorello said: “We must see that our customer base has considerable interest in it. This is one of the reasons why we have invested heavily and ensured close cooperation with Microsoft.” General Manager of ServiceNow’s security products business.

When data from Azure Sentinel threat and anomalous data is fed into the ServiceNow SIR, it allows MSSP and corporate security experts to run them through ServiceNow automated workflows. Edgile is a partner of Microsoft and ServiceNow and has early access to ServiceNow and Microsoft security integration.

“It allows people to use the ServiceNow platform to prioritize and help them see the forest from the trees, because a lot of things have happened with these scanners and these introduced tools,” said Brian Rizman, responsible for Edgile Integrated Risk Management (IRM)/ Governance risk and compliance (GRC) practices.

Microsoft Teams and SharePoint integration

Fiorella said that ServiceNow will release an incident management function based on the integration of Microsoft Teams and SharePoint in the beta version. He said that information and alerts will appear in Teams, and SharePoint will provide file repositories and file control.

The addition of Teams to ServiceNow incident management is based on the integration of ITSM with the Teams announced by the company last year. Edgile’s Rizman said that the integration of Teams-SharePoint and ServiceNow incident management is expected to simplify security operations management.

“If you can make Teams a way to trigger, manage, rule, and classify security incidents or compliance incidents, it will make your work experience more seamless,” Rizman said. “Then the ability to collect artifacts and evidence, and the ability to store and rotate them in the SharePoint environment, I think would be great, because these are natural places where people are already doing this work.”

The integration of Microsoft’s TVM and ServiceNow’s vulnerability response focuses on proactively preventing attacks.

“TVM integration is plugged into the proactive end of the product portfolio, detecting vulnerabilities, and then providing visibility and workflow around the response, connecting security from ServiceNow to IT,” Fiorello said.

ServiceNow’s integration with TVM and Azure Sentinel will be fully rolled out next month. ServiceNow will release a beta version of its Teams and SharePoint integration.