Transform Enterprise Security (Washington DC Release)
Hi everyone, my name is Pete KY and I'm one of the outbound product managers with the SecOps group at ServiceNow. Today in this video I'm going to share some of the exciting things that are going on with ServiceNow Security Operations products.

ServiceNow can help your organization's security posture be more efficient, automated, and easier with tools like Security Incident Response, Threat Intelligence, Major Security Incident Management, Data Loss Prevention, and Vulnerability Response that all work in conjunction with each other and your security software and hardware. We also provide a broad array of everyday automation and case management capabilities that serve to greatly improve security for the organization. Reducing risk by moving faster and smarter is ServiceNow's core strength when it comes to the platform. It's why most of our customers use our security operations products.

This demo is intended to provide a high-level tour through our security products, so if you're interested in deeper dives, please explore our end-to-end demonstrations of Security Incident Response and Vulnerability Response, where you can see our new improvements like software bill of materials and unified attack surfaces. And with that, let's drop in on a security incident that's being tackled by many different parts of the organization.

This is the Major Security Incident Management workspace. Major security incidents are different from everyday security issues due to impact, criticality, or severity, and they require a great deal of cross-departmental collaboration. The major security incident manager can coordinate and direct organization-wide incident response workflows from this workspace. They also have access to the entire collection of tools and integrations, ranging from correlation platforms to DLP sensors. This gives them the ability to see every aspect of the major incident quickly and easily, creating a virtual war room to direct the battlefield. This can result in reducing the average time it takes to handle incidents by up to 85%.

Here we can see a new ransomware incident affecting the organization widely. The overview of the major security incident workspace contains metrics that provide a quick live look at the major incident and its related components, such as tasks, duration, incident impact, and collaboration. Enrichment data empowers the teams working this incident, either through data that is consumed in the platform or data that is already in the ServiceNow platform, such as which devices, locations, and users are affected. Similar or related incidents can be linked to the major security incident, as well as relevant threat intelligence being supplied to the organization. So here we see the incident that was submitted as the major security incident, and then we can see the threat intelligence that is related to this incident and the observables listed here.

Integration with file sharing platforms like SharePoint automatically creates a centralized repository to store all the pertinent file artifacts for the major incident. Managers can perform a variety of file operations here, such as creating or deleting files and folders and adding or removing user access. Live integration with chat providers such as Teams helps everyone get connected and engage in whatever channel is the most productive for them. Protected chat channels are automatically created for each major security incident when they are formed. Status reports can be dynamically crafted to keep leadership updated with minimal effort, freeing up more time for working teams to address the threat instead of spending time on administrative tasks.

On the Tasks tab here we can see what each team is working on in security and in other departments. For example, our firewalls have already been configured to block the attacker worldwide, analysts are reviewing threat intelligence, legal and PR are working on a disclosure statement, which is an important step that is mandated for material breaches in many sectors, and also an effort to patch related Log4Shell vulnerabilities is a work in progress. Let's now take a look at those patches and how they would work for a vulnerability manager.

A critical goal in this major incident is to ensure that there aren't any more systems that might be vulnerable to this specific attack. ServiceNow's Vulnerability Response application empowers organizations to do just that. Many organizations still use emails and spreadsheets to perform the complicated and massive function of continuously coordinating vulnerability response between security and IT, and it can be an intensely manual and slow process. By automating these processes, we've seen customers reduce the total number of open vulnerabilities by up to 50% within 6 months of going live, while improving the experience of everyone involved.

Here you can see the task from our incident is to fix related Log4Shell vulnerabilities. Vulnerability teams can set up dynamic watch topics that focus on this area of interest and help coordinate remediation en masse. ServiceNow Vulnerability Response helps security and IT teams work on vulnerabilities at a massive scale, making it easy to find what matters and to act on vulnerabilities in bulk. The Vulnerability Response application provides a single system of action and management, integrating with a wide selection of vulnerability scanners, threat intelligence platforms, and patch management platforms to help reduce exposure and business risk quickly and effectively. This includes remediation support for infrastructure, container, and application vulnerabilities, as well as penetration tests. Your organization can also see all the vulnerable items and the configuration items they're related to as well.

Let's now look into this watch topic here and the related remediation effort. There are a lot of vulnerabilities here to work on, but a remediation effort has been started. These efforts automatically route work to IT, saving a tremendous amount of time for the security team while also expediting fixes. Once work is routed to IT, it is broken apart into these remediation tasks. In larger organizations, this work can be shared across hundreds of different individuals or teams. From there, ops teams have simplified views providing precisely what's needed to target and deploy fixes or request exceptions. Even better, we can now automate scheduling and delivery of patches through integration with Microsoft, Tanium, BigFix, and that will help you move things even faster. Across security and operations, we're making it easier to get more important work done every day.

Once the dust settles from handling security challenges, both major and minor, organizations can leverage our analytics to improve their security program. Our customers appreciate the ability to build dashboards for their teams and leadership, or to use out-of-the-box pre-built content. The use of Performance Analytics in the ServiceNow platform is one of many ways we help our customers gain insight into real-time, cross-functional visibility of their organization. PA is available widely throughout the ServiceNow platform, and this includes both the security incident response and vulnerability remediation estates. Using ServiceNow's PA capabilities, dashboards like this can be fully customized to make sure the organization can track the key performance indicators that they feel are vital.

This custom CISO dashboard is a great example of what customers can build rapidly using our GUI-based reporting engine and drag-and-drop dashboards. As I mentioned in the beginning, one of the advantages that ServiceNow has is the ability to bring together data from many groups to provide holistic insights across the board. On this overview tab of this dashboard we have information from teams across risk, policy, compliance, configuration management, vulnerability response, and security incident response. Dashboard tabs can be created to organize the data. In this example the tabs provide extra detail for different groups, but they can be arranged and styled however any individual user prefers. Here we can see this CISO likes to keep track of how incidents are being handled, how well the IT infrastructure is being hardened and secured, what are the biggest risks to the organization, how does the organization fit into policy compliance and performance, and lastly the cost and return on investment for the organization.

Today you've seen a brief overview of several capabilities that ServiceNow has to make organizations' world of work easier in the vital area of keeping their people, processes, and technology secure. From optimizing and orchestrating security operations to hardening your attack surfaces and keeping leadership informed, our platform is here to help. Thank you and have a nice day.
https://www.youtube.com/watch?v=DNFxkpgpAa8