
Automating Enterprise Security Response


During this webinar, Alex Cox and Piero DePaoli, security leaders at ServiceNow, will demonstrate and discuss integrating ServiceNow Security Operations with third-party security products, including Palo Alto Networks’ solutions. They will detail how you can automatically create and enrich security incidents with relevant threat intelligence data, and fast-track them through to resolution with automated security response processes.

Published in: Technology

  1. From the most trusted name in information security: Automating Enterprise Security Response. John Strand, Alex Cox, Piero DePaoli. June 20, 2017
  2. Automating Enterprise Security Response. Piero DePaoli & Alex Cox, ServiceNow. June 20, 2017. © 2017 ServiceNow All Rights Reserved
  3. The Progression of Security: Protection, Detection, Visibility, Response!!
  4. Enterprise Security Response: Security Incident Response; Vulnerability Response; Workflow Automation & Orchestration; Deep IT Integration; Threat Intelligence
  5. Typical Security Incident Investigation Process: Security incident generated; Analyst prioritizes, assigns & categorizes incident; Analyst identifies & extracts IPs, hashes & IoCs; Analyst runs reputational lookups via threat intel indicators; Analyst gets running processes from target machine; Analyst gets network connections from target machine; Analyst runs hashes on all running processes; Analyst runs threat intel lookups on all processes and network connections; Analyst confirms threat; Analyst begins remediation process
  6. Security Incident Investigation Process with Automation: Security incident generated; Analyst prioritizes, assigns & categorizes incident; Analyst identifies & extracts IPs, hashes & IoCs; Analyst runs reputational lookups via threat intel indicators; Analyst gets running processes from target machine; Analyst gets network connections from target machine; Analyst runs hashes on all running processes; Analyst runs threat intel lookups on all processes and network connections; Analyst confirms threat; Analyst begins remediation process. Legend: Red Boxes = Data Enrichment Activities
  7. ServiceNow Security Operations: Security Incident Response; Vulnerability Response; Workflow Automation & Orchestration; Deep IT Integration; Threat Intelligence; Single Database; Contextual Collaboration; Service Catalog; Service Portal; Subscription & Notification; Knowledge Base; Orchestration; Developer Tools; Reports & Dashboards; Workflow; Intelligent Automation Engine; Predictive Modeling; Anomaly Detection; Peer Benchmarks; Performance Forecasting; Nonstop Cloud
  8. Live Demonstration
  9. 15,000+ Attendees Expected; 180+ Expert Speakers; 250+ Sponsors & Exhibitors. Join ServiceNow in Booth 666 at
  10. Q & A: Please use GoToWebinar’s Questions tool to submit questions to our panel. Send to “Organizers” and tell us if it’s for a specific panelist.
