Security Operations Welcome Guide

| **Welcome to ServiceNow®** **Security Operations (SecOps)** Are you ready to start your SecOps implementation journey? This guide gives you valuable information you can share with your team, including proven guidance and links to key resources—all designed to set you on the path to success. While this guide is primarily designed for ServiceNow platform owners, it also contains useful information if you have a different role in your organization. Let’s get started! | | |
| --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |
| **Guide Overview** Here’s an overview of the topics we will cover in the guide: Familiarize yourself with SecOps Decide on business outcomes Chart your implementation path Work with ServiceNow experts Choose self-implementation Prepare for organization change Bookmark resources | | |
| **Start by familiarizing yourself with SecOps** SecOps comes with seven key capabilities that let you radically improve your security posture. You can get a high-level overview of these capabilities on the SecOps [product page](https://www.servicenow.com/products/security-operations.html). But don’t worry! You don’t have to implement everything at once. Here are the key SecOps capabilities to focus on first: **Security Incident Response:** Respond rapidly to evolving threats in your organization with Security Orchestration, Automation, and Response (SOAR). ([product page](https://www.servicenow.com/products/security-incident-response.html)) ([datasheet](https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/resource-center/data-sheet/ds-servicenow-security-incident-response.pdf)) ([product documentation](https://docs.servicenow.com/csh?topicname=sir-landing-page.html&version=latest)) **Vulnerability Response:** Continuously prioritize vulnerabilities using asset, severity, exploit, and threat intelligence and equip IT and vulnerability teams with automation and a collaborative workspace to remediate risks. ([product page](https://www.servicenow.com/products/vulnerability-response.html)) ([datasheet](https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/resource-center/data-sheet/ds-vulnerability-response.pdf)) ([product documentation](https://docs.servicenow.com/csh?topicname=vuln-landing-page.html&version=latest)) These [Vulnerability Response](https://youtu.be/B82vAWdzLCg?si=fAYrIYrMtBBxQuYW) and [Security Incident Response](https://youtu.be/7VN6wAMvZxM?si=JdmD%5FxRE1lmEvAC2) end-to-end demo videos are a great starting point for getting familiar with SecOps capabilities (view more SecOps [demos](https://youtube.com/playlist?list=PLkGSnjw5y2U7zWAyLBPLy8JFsapkA6Oka&si=sKKXzaYB5pLaptcO)). This [Security Operations (SecOps) Fundamentals](https://nowlearning.servicenow.com/lxp/en/security-operations/security-operations-secops-fundamentals-on-demand?id=learning%5Fcourse%5Fprev&course%5Fid=66f090cfc3d1f110cfdf34ee05013195) on-demand course will also help you to understand some of the key SecOps applications and how they work. If you are new to ServiceNow, we also strongly recommend that you take this very short [Get Started with the Now Platform](https://nowlearning.servicenow.com/lxp/en/now-platform/get-started-with-the-now-platform-next-experience?id=learning%5Fcourse%5Fprev&course%5Fid=5e8215b687cd1114f2f443f7dabb3556) course to learn the platform basics. If you want a deeper dive into using the Now Platform, a longer ServiceNow Administration Fundamentals ([Instructor-Led](https://nowlearning.servicenow.com/lxp?id=learning%5Fcourse%5Fprev&course%5Fid=fbb6cc4847f5dd505cbdaf44846d436a) \| [On-Demand](https://nowlearning.servicenow.com/lxp/en/now-platform/servicenow-administration-fundamentals-on-demand?id=learning%5Fcourse%5Fprev&course%5Fid=91e2630b47503d5890542034846d43ac)) course is also available. | **Security Operations solutions:** [Vulnerability Response Analytics](https://docs.servicenow.com/csh?topicname=install-and-configure-vr-analytics.html&version=latest) [Security Incident Response Analytics](https://docs.servicenow.com/csh?topicname=security-incident-content-pack.html&version=latest) | |
| **Identify your desired business outcomes** Before you start to implement SecOps, it’s critical to have a clear vision of what you want to accomplish. SecOps allows you to deliver multiple positive business outcomes, and you can achieve all of these over time. However, by deciding which outcomes are most important for your organization and agreeing on these with your stakeholders, you can set clear expectations and focus your initial implementation to realize these goals. Here are some examples of business outcomes ServiceNow customers have achieved with SecOps: A global e-commerce organization reduced the time to resolve security incidents by 88%. A large healthcare organization reduced the time to detect, triage, and resolve vulnerabilities by 54%. A large electricity supply company increased security analyst efficiency by 20%. A global financial services corporation reduced the time to train new security analysts by 50%. For more information, including sample business objectives and key performance indicators, check out this article on [SecOps Outcomes and How to Measure Them](https://www.servicenow.com/community/secops-articles/secops-outcomes-amp-how-to-measure-them/ta-p/2878296). | | |
| [**Chart a path to implementation**](https://www.servicenow.com/community/new-customer-onboarding-article/chart-your-path-to-implementation-success/ta-p/2735416) **Work with ServiceNow experts** If you have chosen to work with a ServiceNow partner or ServiceNow Expert Services for your implementation, it’s important to clearly communicate the business outcomes you want to achieve and agree on a well-structured roadmap to attain these goals. If you need guidance on successfully engaging with an implementation partner, this [workbook](https://www.servicenow.com/content/dam/servicenow-assets/public/en-us/doc-type/success/workbook/partner-strategy-development.pdf) is an excellent starting point. To accelerate time to value and reduce risk, make sure that your partner uses [Now Create](https://nowlearning.service-now.com/nowcreate), ServiceNow’s library of more than 700 leading implementation practices. We also recommend you use Now Create if you are self-implementing, as it provides a wealth of assets designed to guide you to success. If you want to work with a partner but haven’t selected one yet, check out our [Partner Finder](https://www.servicenow.com/partners/partner-finder.filtered.html/) or talk to your ServiceNow account representative about [ServiceNow Expert Services](https://www.servicenow.com/services/expert-services.html). We can also work with your chosen partner to infuse our expertise into your implementation through our [ServiceNow Co-Delivery service offering](https://www.servicenow.com/services/codelivery.html#!). For those of you who have purchased ServiceNow Impact services, ServiceNow experts and resources are at your fingertips to help you implement SecOps and achieve your goals. If you don’t have a ServiceNow Impact package, consider how having dedicated resources, discounted training, and jumpstart services can help you get the most out of your ServiceNow investment. Read more [here](https://www.servicenow.com/impact/accelerate). | | |
| **Self-implementation** **Build your team’s skills** If you do plan to self-implement, you’ll need to build your platform team’s knowledge and skills before you begin. This is a key reason many SecOps customers choose to work with a partner instead of self-implementing. The following certification paths are a good starting point for building these skills, but we do strongly recommend that you also engage resources who have previous SecOps implementation experience. **Make your implementation smooth and easy** To get started quickly with a basic SecOps implementation, take a look at these [Vulnerability Response](https://www.servicenow.com/community/secops-articles/quickstart-guide-and-resources-for-vulnerability-response/ta-p/2700648) and [Security Incident Response](https://www.servicenow.com/community/secops-articles/quickstart-guide-and-resources-for-security-incident-response/ta-p/2700639) QuickStart guides and Now Create resources. There is a Welcome Guide for Major Security Incident Management (MSIM) [here](https://www.servicenow.com/community/secops-articles/major-security-incident-management-msim-welcome-guide/ta-p/2886714). You can also register for an upcoming [Get Started With Security Operations Applications webinar](https://info.servicenow.com/LiveOnServiceNow-SecOps.html) or view an [on-demand webinar](https://www.servicenow.com/community/secops-events/get-started-with-security-operations-applications/ec-p/2781125). For a comprehensive implementation process framework that is proven to scale to the largest, most complex global deployments, check out our Success Packs on [Now Create](https://nowlearning.service-now.com/nowcreate). Success Packs tailor our core Now Create methodology, consisting of more than 700 leading practices, to deliver business outcomes aligned with specific product sets. Here are two Success Packs for SecOps: [Security Incident Response Accelerated Implementation](https://nowlearning.servicenow.com/nowcreate?id=sp%5Foverview&sp%5Fid=0f1e3d2ddb701c9077c0ce46b99619d6) helps with the implementation of SIR, designed to shift customers into Maturity Level 1 and align them to advance into the next phases of their customer journey. [Vulnerability Response](https://nowlearning.servicenow.com/nowcreate?id=sp%5Foverview&sp%5Fid=21d66fd51b2df014a5e699b1b24bcbf9) provides customers with prescriptive guidance to deliver a VR deployment with vulnerability scans data ingestion, automation, increased productivity, and enhanced visibility into their enterprise. If you are implementing Vulnerability Response, also note that your CMDB plays a critical role in successful implementation. This [video](https://www.youtube.com/watch?v=hWs1w-Z1oaU) explains this role and what you need to do about it. This [webinar series on "Success with VR"](https://www.servicenow.com/community/secops-articles/quot-success-with-vr-quot-webinar-series/ta-p/2819161) is another great resource. **Join the SecOps community** Visit the [SecOps community page](https://community.servicenow.com/community?id=community%5Fforum&sys%5Fid=be299a2ddbd897c068c1fb651f9619bb) and subscribe. You’ll find best practices and other useful resources for SecOps application implementation, and it’s also the forum to talk to ServiceNow experts, get your questions answered, and connect with other community members. **Understand ServiceNow releases and upgrades** If you’re not already on the latest ServiceNow release, we strongly recommend that you upgrade before you go live. By upgrading, you get new ServiceNow innovations into the hands of your users faster, gain access to the latest performance and security enhancements, and ensure that support is there when you need it. To make your upgrade smooth and successful, check out these [upgrade resources.](https://www.servicenow.com/success/instance-upgrades.html) | **Pro Tip** Stick to out-of-the-box ServiceNow functionality wherever possible. The process guides below provide detailed descriptions of “as designed” ServiceNow functionality for key SecOps capabilities. [Security Incident Response](https://nowlearning.service-now.com/nowcreate?id=nc%5Fasset&asset%5Fid=ba41792b1b82c954f95e99b8bd4bcbe2) [Vulnerability Response](https://nowlearning.service-now.com/nowcreate?id=nc%5Fasset&asset%5Fid=eaa29e35db164550788d25091396195b) | |
| **Prepare for organizational change** To successfully roll out SecOps, you need your business to understand and use SecOps and recognize its benefits. To do this, you need to communicate what’s changing and why and get alignment with your business. A great way to start this process is to hold a kickoff workshop. This [community article](https://community.servicenow.com/community?id=community%5Farticle&sys%5Fid=942a54f3db305d102454e6be1396193b) takes the example of a Vulnerability Response workshop and explains who needs to be involved. More broadly, this [webpage](https://www.servicenow.com/success/playbook/change-management-plan-guide.html) provides detailed guidance on how to plan for organizational change. If you need help creating a winning communications plan, this [communications plan template](https://nowlearning.service-now.com/nowcreate?id=nc%5Fasset&asset%5Fid=094da9068744f450ed3b74c9cebb350f) also provides useful advice. You’ll want to ensure that your security analysts are trained on SecOps by having them take this Security Operations (SecOps) Fundamentals ([Instructor-Led](https://nowlearning.servicenow.com/lxp?id=learning%5Fcourse%5Fprev&course%5Fid=4038f68cdb5eff40de3cdb85ca9619a3) \| [On-Demand](https://nowlearning.servicenow.com/lxp/en/security-operations/security-operations-secops-fundamentals-on-demand?id=learning%5Fcourse%5Fprev&course%5Fid=66f090cfc3d1f110cfdf34ee05013195)) course well as this [Get Started with the Now Platform](https://nowlearning.servicenow.com/lxp/en/now-platform/get-started-with-the-now-platform-next-experience?id=learning%5Fcourse%5Fprev&course%5Fid=5e8215b687cd1114f2f443f7dabb3556) course. And remember that if you are rolling out Vulnerability Response, your IT team will also be involved in remediating vulnerabilities. If they already use ServiceNow, they will have most of the knowledge they need, since Vulnerability Response integrates seamlessly into their existing ServiceNow IT environment. However, this [documentation page](https://docs.servicenow.com/csh?topicname=vr-ws-itro-wkspce.html&version=latest) provides specific information on what Vulnerability Response adds. | | |
| **Bookmark these resources!** [ServiceNow Customer Success Center](https://www.servicenow.com/success.html) \-- The CSC is a one-stop shop that gives you instant access to proven methodologies, leading practices, and expert insights and advice. [NowSupport](https://support.servicenow.com/kb?id=kb%5Farticle%5Fview&sysparm%5Farticle=KB0547260) \-- You can get technical issues resolved quickly by contacting our team comprised of ServiceNow employees with deep product knowledge and real-world experience. Read more [here](https://support.servicenow.com/kb?id=kb%5Farticle%5Fview&sysparm%5Farticle=KB0547103) on how to use support. | **** | |

[](https://www.servicenow.com/now-platform/latest-release.html)