1© 2017 ServiceNow All Rights Reserved© 2017 ServiceNow All Rights Reserved

MYKE LYONSHead of Security Strategy, Security Business Unit

ServiceNow

Resolve Real Security Threats Fast

DEVON WINKWORTHAdvisory Solution Consultant

ServiceNow

2© 2017 ServiceNow All Rights Reserved

Agenda

• The Power of Security Operations

• Trusted Security Circles

• Vendor Risk Management

3© 2017 ServiceNow All Rights Reserved 3© 2017 ServiceNow All Rights Reserved

The Power of Security Operations

4© 2017 ServiceNow All Rights Reserved

Organisations Have Invested in a LOT of Security Products

PROTECT: DETECT: RESPOND:

[NOT SO MUCH]

5© 2017 ServiceNow All Rights Reserved

Organisations Are Struggling to Find and Stop Breaches

Source: Ponemon Institute 2017

On average, it took respondents 191 days to spot a breach caused by a malicious attacker, and 66 days to contain it.

6© 2017 ServiceNow All Rights Reserved

And the Vulnerability Backlog is Piling Up

• 61% of vulnerabilities are patched within a month

• Leftovers are likely NEVER to be patched

source: Verizon Data Breach Investigations Report 2017

7© 2017 ServiceNow All Rights Reserved

Top 10 Vulnerabilities Exploited in 2015 Were Over a Year OldAnd 48% were five or more years old

source: HPE Cyber Security Report, 2016

8© 2017 ServiceNow All Rights Reserved

The Need: Enterprise Security Response

Security Incident

Response

Vulnerability

ResponseWorkflow

Automation &

Orchestration

Deep IT

Integration

Threat

Intelligence

ENTERPRISE SECURITY RESPONSE

9© 2017 ServiceNow All Rights Reserved 9© 2017 ServiceNow All Rights Reserved Confidential

DEMO

10© 2017 ServiceNow All Rights Reserved 10© 2017 ServiceNow All Rights Reserved

Trusted Security Circles

11© 2017 ServiceNow All Rights Reserved

Threat Intelligence Sharing Improves Orchestration Accuracy

Complete Current Relevant

12© 2017 ServiceNow All Rights Reserved

Make People More Effective

Shared intelligence fills in the skill gaps

13© 2017 ServiceNow All Rights Reserved

Share Intelligence with ServiceNow Trusted Security Circles

• Anonymous sharing

• Automatic sightings searches

• Circles based on commonality

• Sharing stays with your company

• Supports industry standards – STIX, TAXII

• Early warning of potential attacks

14© 2017 ServiceNow All Rights Reserved 14© 2017 ServiceNow All Rights Reserved Confidential

DEMO

15© 2017 ServiceNow All Rights Reserved 15© 2017 ServiceNow All Rights Reserved

Vendor Risk Management

16© 2017 ServiceNow All Rights Reserved

Your Enterprise Doesn’t Exist In Isolation

IT softwarevendors

Outsourcers

Consultants Affiliates

Distributors

Resellers

17© 2017 ServiceNow All Rights Reserved

Today’s Vendor Risk Management Processes & Tools Can’t Keep Up

Manual Processes

Manual and time consuming processes make it difficult to provide adequate coverage for all critical vendors; leaving the enterprise open to loss events and unnecessary risk.

PoorVisibility

The inability to see what needs to get done, by when, and who is working on it means we can’t get visibility into program activities and overall risk posture; so we don’t get the type, depth, or timely information we want.

Siloed & Rudimentary

Tools

Siloed and antiquated risk management tools make it difficult to operate effectively within the extended enterprise; making it hard to prioritize and remediate issues.

18© 2017 ServiceNow All Rights Reserved

Introducing ServiceNow Vendor Risk Management

Policy & Compliance Management Risk Management Audit Management Vendor Risk Management

SingleDatabase

ContextualCollaboration

ServiceCatalog

ServicePortal

Subscription & Notification

KnowledgeBase

OrchestrationDeveloperTools

Reports & Dashboards

Workflow

Intelligent Automation Engine

Predictive Modeling

Anomaly Detection

PeerBenchmarks

PerformanceForecasting

Nonstop Cloud

19© 2017 ServiceNow All Rights Reserved

Transform Inefficient Processes into a Unified Vendor Risk Program

AutomateGain

VisibilityUnify and Prioritize

Gain visibility & transparency for you and your vendor into the status of assessments, issues, and tasks; and track changes across your vendor ecosystem.

Easily prioritize risks andeffortlessly drive them to closure when you integrate disparate siloes of information and technology with a user friendly experience across the extended enterprise.

Replace unstructured work patterns with intelligent workflows. Assessments, issues, notifications, and other work items can be automatically generated, assigned, and easily actioned.

20© 2017 ServiceNow All Rights Reserved 20© 2017 ServiceNow All Rights Reserved Confidential

DEMO

21© 2017 ServiceNow All Rights Reserved

1 2 3

Summary

Security Operations can help you build

an Enterprise Security Response

Program

Trusted Security Circles can invert the

threat intelligence model, allowing you to proactively stop

threats

Vendor Risk Management

monitors, prioritizes and automates

response to third-party risk