Amongst the product announcements from ServiceNow at Knowledge17 in Orlando this week is Trusted Security Circles, a new cloud-based application giving enterprises the ability to share and receive hyper-relevant threat intelligence in near real-time.
Security teams have been fighting threats in isolation, but sharing information would expose to the world that they were under attack. Now, security teams can ask trusted peers, suppliers and partners about threats and ascertain just how dangerous they are. Organizations can control the way they share, what they share and with whom they share—they can remain fully anonymous. Enterprises can be forewarned of targeted attacks and can contribute to the safety of the wider community. ServiceNow has also announced Vendor Risk Management, enabling organizations to shut the door on third-party risk.
On average, bad actors took a month to exploit a vulnerability, with half of all first exploitation attempts occuring within a period of between 10 and 100 days*. Since attackers often use the same exploits against multiple targets in an industry or community, sharing threat intelligence with peers can give others the lead time they need to thwart similar attacks in their own networks.
“Securely and anonymously sharing active threat data with trusted peers has simply not been possible,” said Sean Convery, general manager, Security Business Unit, ServiceNow. “Now, security analysts are no longer alone. ServiceNow enables enterprises to apply the power of collaboration to proactively avert attacks.”
With Trusted Security Circles, a security team may see suspicious activity in their network and will want to know if others in their defined community have also seen it. An anonymous query goes to other members of the chosen circle, and a sightings search is performed against the specified suspicious observables. Customers now know if a security incident they’re investigating is happening to any peers, partners or suppliers. If the number of sightings exceeds a set threshold, a security incident can be automatically opened in ServiceNow Security Operations. This serves as an early warning system for industry-specific, targeted attacks. It can speed up response and shore up an entire supply chain from attacks.
“Having a systematic approach to sharing threat intelligence is important for IT and Security teams to remediate threats within their own company,” said Bart Murphy, CTO, CareWorks Family of Companies. “Now there’s a way to extend that insight to trusted peers. Cloud computing helps make this possible. No one needs to open up their data center.”
ServiceNow Vendor Risk Management
ServiceNow also announced Vendor Risk Management, a new cloud-based application that enterprises can use to automate third party risk, onboard new vendors more quickly and gain visibility of their overall risk posture. Nearly every organization works with hundreds or perhaps even thousands of different vendors, many of whom may be handling or have access to sensitive data. Teams typically use manual, outdated processes to assess the risk of working with these third parties, causing potential compromise of confidential information. Vendor Risk Management transforms these inefficient practices into a centralized system of action that orchestrates the process of assessing the risk of working with a vendor.
ServiceNow’s Vendor Risk Management allows organizations to automate the third-party risk management process, ensuring quality and effectiveness of assessment controls. They can onboard new vendors faster, allowing them to get value from their vendors more quickly. And finally, when combined with a broader risk management program, an organization can get a complete view of their overall risk and a systematic way to take action to reduce it.
Both ServiceNow Trusted Security Circles and Vendor Risk Management will be available in third quarter of 2017.