ServiceNow, which provides a software-as-a-service (SaaS) platform for managing security operations, has extended integrations to include multiple software offerings from Microsoft.

IT organizations that employ the ServiceNow Security Operations can now investigate security incidents using data collected through Microsoft Azure Sentinel, Microsoft Threat & Vulnerability Management, Microsoft Teams, and Microsoft SharePoint platforms.

ServiceNow Security Operations enables IT teams to collaborate more easily using the same core SaaS platform, ServiceNow VP Lou Fiorello told VentureBeat. Rather than having to employ two separate platforms, all the applications that are made available through ServiceNow share a common data model, Fiorello added.

That capability makes it simpler for security teams to identify issues for IT operations to resolve. “Security teams can’t do everything on their own,” Fiorello noted.

Microsoft Azure Sentinel combines security information event management (SIEM) and security orchestration automated response (SOAR) within a single cloud service. The data collected on that platform can now be accessed alongside other security data that has been fed into the ServiceNow Security Operations platform. This comes via additional integrations ServiceNow provides through its growing ecosystem of security partners, Fiorello said.

Integration and consolidation

Microsoft Teams and Microsoft SharePoint have been integrated with the Major Security Incident Management module within the ServiceNow Security Incident Response application. In the event of a security incident, a dedicated Teams channels will automatically be created. At the same time, artifacts from different incident response groups will automatically be consolidated into a Microsoft folder.

Meanwhile, Microsoft Threat & Vulnerability Management integration with a ServiceNow Vulnerability Response module facilitates aggregation of asset information, vulnerabilities, and recommendations in a way that enables IT teams to better prioritize tasks.

Azure Sentinel and Microsoft Threat & Vulnerability Management integrations are expected to reach general availability starting next month. Microsoft Teams and SharePoint integrations are also expected to launch in limited availability next month, with general availability planned later in the year.

Enabling security and IT operations teams to work more closely together is critical at a time when most organizations find it difficult to hire and retain security professionals. Many organizations now routinely rely on IT operations teams to remediate issues discovered by security professionals. But that becomes more difficult to achieve if the teams as using disparate platforms to manage their respective tasks. The ServiceNow approach makes it possible for teams to coordinate their response to an attack, Fiorello said.

A platform that enables teams to easily share alerts and data also helps drive down the total cost of security because organizations will not have to acquire and maintain an entirely separate platform for security operations, Fiorello added. In the future, security teams will be able to take advantage of the same AI capabilities ServiceNow is already moving to embed in its core platform, Fiorello said.

Pandemic pressures

Usage of ServiceNow Security Operations has increased in the wake of the COVID-19 pandemic for the same reasons IT organizations have embraced the core ServiceNow SaaS platform.
Cybersecurity teams working from home can more easily access a cloud-based security operations platform from anywhere. While some of those cybersecurity teams may be spending more time in an office in the months ahead, it’s unlikely many of them will be doing so on a full-time basis.

Even after security professionals do return to the workplace, security incidents will not be limited to a convenient schedule. A major security incident typically requires all hands on deck, regardless of where the team happens to be physically located. That’s a lot easier to manage through a cloud application that’s accessible from any mobile computing device.

It’s not clear what degree security and IT operations will ultimately converge, but as cybersecurity attacks increase in both volume and sophistication, the need has become more pressing than ever.