Now Assist for ServiceNow Security Operations

Import · Aug 23, 2024 · video

Hello everyone. Today we're excited to show you how ServiceNow is transforming security operations and force-multiplying the power of your CISO's organization with Now Assist for Security Operations. Security analysts can use intelligent workflows and ServiceNow's purpose-built generative AI skills to resolve security incidents more efficiently within their flow of work in Security Incident Response. Let's dive in.

Here we are in the Security Incident Response workspace as security analyst Thomas Smith. Thomas is responding to multiple security incidents and has to quickly get up to speed when he starts his work for the day, as well as context shift as he moves between security incidents throughout his day. Thomas can easily see all of his work in the overview and sort by priority or risk score to focus on the highest-risk incidents first. Thomas needs to work on this incident and many others, but should also be informed about each incident to make accurate decisions.

He needs to get caught up on this security incident. Looks like it's a case of user-reported phishing. Normally, Thomas would have to spend time going through the incident overview to understand information about the incident, like business impact, threat intel, response tasks, and related security incidents. He would also have to review additional tabs for more context to get up to speed and start working on the incident, requiring a large portion of his time. For instance, he'd review the description to see details about the phishing report. Sometimes this would also include reviewing pages of work notes to understand what work has already been done on this incident. He'd also review related records to see more information on the impacted devices, affected users, and associated observables. Thomas needs a way to start working on this incident faster and be accurately informed to make decisions without being overloaded with information.

Now Assist to the rescue with the security incident summarization skill. With the click of a button, Now Assist will summarize the security incident for Thomas. This consolidates all of the relevant information from the security incident into one structured, concise, and digestible review, allowing Thomas to quickly comprehend what's going on.

The structured summary generated by Now Assist contains four sections. The issue is a quick, concise statement describing the incident. The detail section adds more information by including when, what, and how the incident occurred. This is a critical timesaver, enabling the analyst to understand the context without searching through the record, and this logic is built into the generative AI prompt out of the box. Next, the observation section captures the key information from the related records, including the affected users, configuration items, observables, and response tasks. This saves significant effort, allowing Thomas to know exactly what systems are affected. Lastly, under key actions taken, Thomas sees the highlights of what actions have already been taken on this incident.

From here, Thomas can save this Now Assist security incident summary to the work notes as well. Here he can review it for accuracy and make any changes to content or format before saving it to the work notes. Once saved, future analysts can use a summary and they know it's been reviewed. Managers can also come into the incident and quickly understand what's going on.

Thomas also has the ability to provide instant feedback to the large language model, or LLM, team to improve the Now Assist summary skill. For instance, feedback can be provided based on the summary's completeness and accuracy by using the thumbs up and thumbs down, indicating whether the summary was helpful or not. Thomas can also easily copy the summary to their clipboard to use it elsewhere, or refresh to regenerate the summary. It's our goal to make these Now Assist summaries succinct and powerful to reduce the effort required by the analyst having to go through all the sections of the record. This unlocks time and effort for Thomas to be able to spend time on more complex tasks.

But that's not the only way Now Assist for Security Operations supercharges the analyst's workflow. Now that Thomas has concluded what he needs to do for this incident, it's time for him to close out the incident, which requires writing resolution notes. This can be time-consuming manual work for Thomas, to write things up from scratch for every single incident he closes. Now Assist for Security Operations can help accelerate this process for analysts. Let's close out this incident and see how Now Assist helps Thomas out.

Assuming Thomas has completed the review of the active items and post-incident review, let's see how Now Assist can help with resolution notes. Now Assist automatically generates resolution notes that summarize the incident, including tasks that have been performed and the results, succinctly. Thomas has the opportunity to review and edit or change anything he needs in these notes before closing out the incident. As a result, analysts can now close out incidents much faster than before, and this can have a large impact on time savings, especially when you consider the false positives that need to be dealt with. This adds up and allows your incident responders to work on complex tasks and get to the real issues.

Now Assist can help with even more, and on the fly. Thomas can easily open a Now Assist panel with a conversational interface. Here he can query Now Assist using natural language to quickly discover information related to the incident, or use quick actions to generate resolution notes or a summarization right from the Now Assist panel. Thomas can quickly query Now Assist for specific information in the summary, such as who are the affected users or what is the impact of the incident. Now Assist provides answers to these questions based on the incident Thomas has open, and he can use this panel to quickly query other incidents by opening them alongside the Now Assist panel. The LLM queries and provides answers based on the open security incident's tables and related tables, so analysts can get important context on the incident more efficiently.

You may be wondering, how does this all work? Let's shift gears a bit and take a look at how a Now Assist administrator can set up these features. This is the Now Assist skills administrator section. This is where skills are set up specific to the ServiceNow solutions you are using. Let's drill down into the Security Operations product skills. Here you can see that skills have been activated for security incident summarization and resolution notes generation. We can see details on when it was enabled and what LLM service is being used.

If we drill down further, as an administrator we can adjust settings on this skill. This is a guided setup for adjusting the skill for Now Assist. Here we start with general details such as the description and related workflows, but we can do so much more. Moving on to the Choose Input portion, here an administrator can choose the summarization that's coming from Now Assist based off the state of the security incident. As you can see here, there are differences between summaries generated for work in progress, review, and closed security incidents. This is extremely flexible and powerful. Administrators can choose what tables and fields are used by the LLM as a data source by state, including the ability to add in additional information by related list that ties to the incident table, such as users, configuration items, and more.

Coming with the Xanadu platform release is the Now Assist Skill Kit. Customers with experience in prompt tuning can build and test their own custom prompts to build custom skills for generative AI use cases on the Now Platform and connect them to Now Assist for Security Operations. As part of the Skill Kit, customers will be able to choose the LLM they want to use, including LLMs from external sources. You'll be able to build, test, and deploy your new Now Assist skills across a variety of solutions on the platform, including Security Operations. You'll also be able to tailor the Skill Kit prompts to create skills that are designed for specific roles in your environment if needed. By adding the Now Assist Skill Kit into your tool set, you'll have even more ways to improve the experience and productivity of your security analysts to transform your security operations.

Today we've seen an overview of how Now Assist for Security Operations makes work easier and more efficient for security analysts. By using Now Assist for Security Operations in your organization, you can boost analyst productivity and compress mean time to contain security incidents, improving your overall security posture. Thanks for watching.

View original source

https://www.youtube.com/watch?v=5PjFZLWq3yc