SESSION ID: SPO-R02A

Respond vs React – Cybersecurity in the Era of

Digital Disruptions
Gaurav Mahendru
Solutions Architect – Security and Risk
ServiceNow

#RSAC
#RSAC
#RSAC
 #RSAC

Along with Increasing Laws, Mandates and

Guidelines…
Australia – Notifiable Data Breach
Scheme…
Malaysia – Cybersecurity Law…
Hong Kong – Personal Data Privacy
Ordinance…
India – Cybersecurity Bill…
Singapore – Cybersecurity Bill…
CCPA, GDPR, NIST and many
more…
 #RSAC

How do C Level execs sleep at night

 #RSAC

Photo by sydney Rae on Unsplash

#RSAC
 #RSAC

Logos are trademarks or registered trademarks of their respective owners and not ServiceNow
 #RSAC

Cover Title
Cover subtitle

Speaker’s Name
Speaker’s Title

Date

© 2017 ServiceNow, Inc. All Rights Reserved Confidential

Photo
Photo by rawpixel.com
by Aditya on Unsplash
Siva on Unsplash
#RSAC
 #RSAC

Security teams “react” by trying to hire more resources

64% However, hiring isn't practical…

plan to hire additional

dedicated resources
for patching in the
next 12 months
2 MILLION
global shortage of cybersecurity
professionals by 2019**

50% 33%
respondents’ hiring plans represent a 50%
headcount increase of cybersecurity jobs don’t
in the next 12 months
receive a single view online***
** Source: ISACA, 2016
*Source: Ponemon Institute 2018 Cost of Data Breach Report
*** Source: Indeed, 2017
 #RSAC

…or effective

73% + 62% + 57% =

No common No easy way to Things slip through
view of assets track whether the cracks because
emails and
and vulnerabilities spreadsheets are
applications are being used to manage the
across security patched patching process
and IT
*Source: Ponemon Institute 2018 Cost of Data Breach Report
Respond Intelligently and Effectively
with Automation…
 #RSAC

Automating security and risk is the future

15x 93%
IPSUM SED
Adoption of SOAR Automation of Said automating
sed do eiusmod tempor
tools expected by threat-detection security
incididunt incident
ut labore et dolore
2020 tasks will increase magnaresponse is adsde
aliqua. Ut enim
minimets.
in 2018 important

Gartner: Innovation Insight CSO: Our top 7 cyber ServiceNow Black Hat
on Security Orchestration, security predictions for 2018 Survey August 2018
Automation and Response
 #RSAC

Your security and risk agenda

Initiatives

1 Keep your Fix your

most severe
Resolve critical
security incidents
Improve
efficiency of
organization’s vulnerabilities faster existing staff
data safe

2 Manage Communicate
risk and audit
Automate
compliance
Align third-party
risk with
and reduce results to the monitoring overall risk
risk business
Fix severe vulnerabilities
Integrate your vulnerability scanner
for faster vulnerability response
Outcomes

Integrate Your Automated Change Automation Confirms Identifies and prioritizes

Vulnerability Scanner Request Integration Vulnerability Resolved
vulnerabilities by business criticality

Most important vulnerabilities

remediated first and fast
1 3 5
2 4 Simplifies coordination
with IT for remediation
!

25%
Automatically Prioritize Coordinated
Vulnerabilities Change Planning

faster vulnerability response*

* The Total Economic Impact™ of ServiceNow Security Operations, A Forrester Total Economic Impact™ Study Commissioned by ServiceNow, January 2018

16 © 2018 ServiceNow, Inc. All Rights Reserved. Confidential.

Resolve security incidents fast
Connect your security tools in a single platform
to address critical threats first
Outcomes

Integrate Your Utilize Threat Remediate Identifies and prioritizes security

Security Products Intelligence Threats Fast incidents by business criticality

Automates threat intelligence

lookups for incident enrichment
1 3 5
2 4 6 Uses playbooks and orchestration
for fast, efficient response
!

Automatically Prioritize Determine Review Post

45%
Security Incidents Response Action Incident Reports

faster security incident response*

* The Total Economic Impact™ of ServiceNow Security Operations, A Forrester Total Economic Impact™ Study Commissioned by ServiceNow, January 2018

17 © 2018 ServiceNow, Inc. All Rights Reserved. Confidential.

Communicate risk to the business
Reduce remediation time for weeks to minutes
Outcomes

Identifies emerging risks

and audit activities

Prioritizes risks by
business criticality

Improves
decision making

From hours
* = MLC Life May 2018 to seconds
18
to view role-based risk reports*
© 2018 ServiceNow, Inc. All Rights Reserved. Confidential.
 #RSAC

Using Security and Risk together

Continuous monitoring for risks due to vulnerabilities
Integrate Your Harvest KRIs from Create plans for Risk Mitigation
Vulnerability Scanner Vulnerabilities into GRC VR: Coordinate Changes

1 3 5

2 4 6

Automatically Prioritize Associate KRIs to Risks in Confirm Risk Mitigation In

Vulnerabilities Risk Register Vulnerability Response
Other company names, product names, and logos may be trademarks VR: Automate Changes
of the respective companies with which they are associated.
 #RSAC

Complete the survey

Stand a chance to win a DJI Trello Drone Combo worth $250

bit.ly/2FTxhZn
Thank You!

Gauravkumar_Mahendru@servicenow.com