Get Started With Security Operations Applications
ServiceNow Community · Sep 10, 2024 · video
All right, we'll go ahead and get started for today. Uh, first of all, thank you all so much for joining and taking the time out of your day for this webinar on getting started with security operations applications. I hope everyone is doing well, and thank you for being here and for being a SecOps customer. I'm Sarah Wood, I'm from the outbound product management team within security operations at ServiceNow, and I'm excited to be joined by my colleague Tim Boswell from the same team. Uh, Tim, did you want to say hello?

Yeah, hi everyone. I'll just leave it at that for the sake of time.

Yeah, sounds good, Tim. Um, so yeah, we're not planning to cover any forward-looking statements today, but of course, in case we do, our standard Safe Harbor notice does apply to this session. And before we get into the agenda, I just wanted to remind everyone that we are really here to answer your questions. This is all about you guys, so we want you to feel totally comfortable using the Q&A button in Zoom at the bottom of your screen to submit questions at any time throughout the session, um, which will be answered live or during, uh, in the Q&A itself. And this is a recorded webinar, so we will be posting it in the community afterwards if you wanted to revisit it, uh, or take a look at the links later. And then lastly, once we do close out today's Zoom session, you'll receive a survey on your screen for your feedback, so we'd love to hear from you. You can complete the survey, you can add any additional questions in there, and we'll follow up with you as well.

And before we get into the content piece, I do want to take a minute just to remind people, if you aren't aware, we have this wonderful customer security Symposium coming up, uh, September 24th and 25th. It is completely free for customers to attend, uh, partners as well. We'd love to have you there. Uh, if you are interested in, available in attending, please go ahead and click the QR code, or, uh, sorry, scan the QR code, or we'll put the link in the chat where you
can go check out the agenda and register. So this is really a customer event for security operations customers. It's meant to provide you with an opportunity to learn from each other, learn from some of our expert partners as well across the technology space and implementation, and share best practices. So it's going to be a wonderful event, and it's located in Santa Clara at our headquarters. So again, feel free to register. Uh, thanks, Pete, for putting that in the chat, and we'd love to see you there.

Moving on, just our planned agenda for the session. Most important thing is we want you to come away from this with a clear idea of what your next steps could be towards your security operations implementation, and point you to some of the key resources that can help you be most successful with that. And really, again, our goal is to support you, answer any questions that you have, and provide you with those resources to start your implementation. And in this first part we will start with a quick overview, and I'm going to turn it over to, uh, my colleague Tim Boswell to take it from here.

Yeah, thanks, Sarah. Yeah, um, we're going to start with a quick overview of security operations and then highlight some key resources, uh, to allow you and your team to dive a little bit deeper. But I think before we get into that, we have a quick poll. Um, the reason for this is we want to know more about you, and also, based on the results here, I'm going to do my best to tailor my sections based on who we have in the audience. So we have more vulnerability response people in the audience, or if we have more security incident response, or maybe both, uh, what I will do is I'll do the best to, um, again, tailor the rest of the conversation based on who we have out here a little bit more. Sarah, how long do we leave this up? About a minute, I think.

Uh, let's see, looks like responses are slowing down. I think we can probably end it here.

Okay, that sounds good. I'll let you do that, I don't want to press too many buttons. There we go,
all right, so looks like, uh, most people are here to learn about both vulnerability response and security incident response and the applications that fall under that. And if you're wondering, like, what do you mean by applications that fall under that, you'll see here in a minute. And then looks like we have some people are just here to learn more about vulnerability response. Okay, great, thank you for that. Thank you for participating in those polls.

Um, so again, very high level, um, what we're talking about with regards to security operations is we're talking about a portfolio that we've essentially, uh, created two different sides: the respond to vulnerabilities and respond to incidents. So if you're new to ServiceNow security operations, you're probably already familiar that you can use vulnerability response to handle infrastructure vulnerabilities and security incident response to handle those incidents that come into the security operations center. And that's how the application first started out, but then over time it grew, and that's why we've organized it into the left side and the right side.

So on the left side, in addition to vulnerability response and handling those infrastructure vulnerabilities, we also, uh, released configuration compliance, so that way we could get into those misconfigurations, and then application vulnerability response, so we can handle those application vulnerabilities for those customers that are building a lot of their own applications and they need to, um, to handle vulnerabilities in those applications, as well as pen tests and things like that. And then of course those cloud and container vulnerabilities. And then we also branched out into operational technology vulnerabilities. So for anybody on this call who deals in manufacturing or health care or energy or anything like that, that's not considered an infrastructure, um, system, uh, you may understand that you have to handle operational technology
vulnerabilities in a much different manner, and so that's why that is broken out separately. And we've even taken it further, such that there is a separate OT business unit that also handles OT visibility and also OT incident response. But then we kept innovating, and we also released a software bill of materials application and then, most recently, the security posture control application, and, uh, we're just going to continue innovating from there. We have more things coming, um, with the, uh, the Xanadu release, and then in our November store release, and then with the next named release, um, Yokohama.

So then on the right-hand side, again, security incident response is how we started out with responding to incidents, and it's more those, uh, those standard security operation center incidents, standard security incidents you might receive from like a SIEM or an endpoint detection response tool or maybe even just a firewall or something like that. But then we took it further and realized, well, security incident response, if we made some innovations to that, it would be really good at handling those major security incidents. So what we're talking about is not just a phishing email or a malware or unauthorized access attempt, those types of incidents. We're talking about an all-hands-on-deck type situation, and that's what would be a major security incident. So we do have a separate module within SIR that handles that, and it provides you with that virtual crisis room or that virtual command center, if you will. But then we continued to innovate and released, uh, DLP incident response and then also Threat Intelligence Security Center. But I skipped what else we released, which is our GenAI capabilities for security incident response. Both in VR and SIR we've had predictive intelligence for quite some time, but ServiceNow released Now Assist for ITSM, Now Assist for HR, Now Assist for CSM, and we didn't want to stop there, and so, um, uh, last month we released Now Assist for
security operations, um, and, uh, we're really excited about that and what that's going to offer us. The first set of skills is the, um, incident summarization and then using also GenAI for closure notes. But then rounding it out, uh, with Threat Intelligence Security Center, that is our most recent application that was released, uh, earlier this year, and what we're talking about there is taking the threat intelligence we were already doing in ServiceNow to another level with regards to the integrations and then also doing that case management for cyber threat intelligence. So that's a quick, very quick overview, high level.

Um, if I could just, uh, talk a little bit more about like a, if you want to think like, okay, well, how would a workflow work in security incident response, I think on the next slide. Yeah, there we go. Um, so if you're thinking like, okay, I'm not really familiar with security incident response in general, what are we talking about here, what's that workflow look like? So we're consuming those alerts, events, offenses from your SIEM tool, whether it's Splunk or QRadar or Microsoft or what have you, or endpoint detection response tool, maybe it's a network detection response tool, maybe it's a, uh, a, um, a network intrusion and prevention system, uh, whatever security tool that has those sensors. The idea is we integrate those into ServiceNow, and the reason being is most of our customers have tons and tons of security tools. There isn't just one that does everything. And so what we're doing is we're aggregating all that, we're allowing our customers to be that single pane of glass, or as close to that single pane of glass, so that way you're not swivel-chairing across all those different security tools. What you can do is you can bring it all into ServiceNow, and then, because ServiceNow, because we have that asset information, we can natively link that alert or that event to the asset information and then start to enrich that data, and then also using the, um, the flow
designer or process automation designer to start doing some automation with regards to that security incident, uh, whether it's automatically prioritizing the security incident based on the data that we pull in from the CMDB, or doing other things like sending the observable from that incident out to that threat intelligence tool, sending it out to VirusTotal or Recorded Future and bringing back the results, so that way we don't have to waste time doing that manually. But then also using ServiceNow playbooks to determine what is that response action, or even orchestrating that response action. And so what I mean by that is the playbook, if it's a, um, a manual workflow responding to that incident, the playbook can guide that analyst so that way they're following a set of consistent process and procedures, or maybe they're a newer analyst, they just need some guidance. Or orchestrating that response action using ServiceNow to automate the response. Uh, let's say, um, you know, one of our playbooks is, if there's a phishing email or malware detection on a laptop that belongs to finance, just automatically isolate it. We don't even want to take that risk that something could happen to finance, so just automatically isolate it, and through our integrations to the EDR tools, that's what we can do with ServiceNow. So that's kind of an example workflow with SIR. And then rounding it out by, um, providing the post-incident report at the end, that's very easy to do. What we want to do is minimize that administrivia that the analysts have to do. You know, maybe those security analysts, we don't want them doing a bunch of report writing, so using ServiceNow to minimize that work through questionnaires or using Now Assist to help create that.

And then likewise, a, uh, the workflow for vulnerability response, very similar. What we're talking about is integrating those vulnerability scanners, whether it's the infrastructure vulnerabilities, uh, that we consume from Tenable or Rapid7 or
Qualys, or the application vulnerabilities from Veracode, uh, bringing those into ServiceNow and then again automatically linking that up with the asset information that's already in the CMDB or elsewhere within ServiceNow, so that way we can understand who owns this system, who does it need to be assigned to, what's the priority of that vulnerability, not just looking at the severity that we're already consuming and pulling in from, through our integration with the National Vulnerability Database, but also looking at that business intelligence, and then, uh, continuing to enrich that data by pulling in threat intelligence so we can understand, does this vulnerability have an exploit in the wild, or is there a POC for that exploit already out there. So we could do more than just, okay, yes, the NIST says the vulnerability is this severity, but there's some other things and other factors that I want to take into account to prioritize that properly. And then using ServiceNow, we can do is using things like assignment rules to automatically triage that vulnerability and assign it to the right person, and if that person needs an, a, um, if they need to transfer to somebody else, they could quickly do that within ServiceNow, or if it is, there is, they can easily schedule the patch, they can do that, uh, patch orchestration from within ServiceNow, again minimizing that swivel chair. Or if they need an exception or deferral because they can't apply that patch or update right now, we could still track that in ServiceNow. We can assign that to, uh, somebody to approve that, or maybe we, um, maybe we need to make sure that our GRC organization, that they have visibility into those exceptions and deferrals, because if it's going to cause a control to slip, they can quickly identify that, because maybe the asset owner won't understand that, or maybe the security team doesn't know what the impact is of that exception or deferral. And then again, just like with security incident response, using the
integrations to do orchestration on the other side, same thing here. We can use those out-of-the-box prebuilt integrations that we provide in our store to do things like trigger a rescan. So the asset owner says, yep, I remediated that vulnerability, good to go, I'm all done for the day. Well, maybe they didn't. Maybe they think they did but they really didn't. And so what ServiceNow can do is trigger a rescan to validate, has that vulnerability been remediated or not, and then take it from there based on those results. So high level, this is what we're kind of thinking of when we think about the workflow with vulnerability response.

All right, where are we here? So the next thing I want to provide is, um, high-level look at some of the resources that we provide to our customers as well as our partners. So if you're just starting out thinking like, okay, what do I need to do to deploy this in my environment, or what should I be thinking about as I plan this out, or what kind of conversations should I have with my implementation partner, we provide a lot of resources for you to learn about the products, learn what it will take to implement it, learn what it will take to support it and maintain it, that care and feeding, um, and just keep it up to date and also acquire those new innovations that we come out with on a regular basis through the store.

First thing is the product documentation. Uh, this is where you'll find all the latest product information and the release notes as well as other helpful content like setup guides and instructions on learning about entitlements and things like that. Uh, we are going to be sharing, oh good, you've already started sharing these links in the chat, that's great. So the product documentation, this is probably my favorite resource. Uh, this is something I have open every day, all day. Whenever I'm talking about the applications or thinking about the applications, I'm almost always referring to our product docs, and this
is available to the public. You don't need to sign in to view our product documentation, um, so just know that we're very transparent about our product docs.

The next thing, I believe, is, uh, our community YouTube channel, yep. And there are some really helpful and useful videos on this channel. There are some, uh, videos that are very in-depth and kind of long, that will spend like an hour, sometimes two hours, so some very technical and deep, uh, topics that there are videos on, and we bring in ServiceNow, we bring in, um, some subject matter experts that have the ability to go very deep into that topic. Um, but then also there's some bite-size videos in our YouTube channel, so if you're like, well, I just, okay, I heard Tim talking about major security incident management, I just want to know a little bit more about that, I don't want to really get into how do I set it up and how do I use it, how does this integration work and that, I just want a quick little high level, you can also find those short five to 10 minute overview videos within our YouTube channel as well, and then everything in between. So this is another, um, this is another good resource that I often refer to a lot, and I send people a lot. If they ask questions like, hey, tell me more about this application, usually what I'll do is I'll go find a short video about it in our YouTube channel, I'll just send them that link.

So speaking of learning more and really getting deep, the training and certification is located at Now Learning, and, um, this is where, very similar to our YouTube channel, we do have some very short, um, trainings, uh, some on-demand trainings, um, you know, they're just like an hour or a couple hours, if you just need to get acquainted with something. But then if you're thinking like, okay, I need to learn how to administer and support and maintain this application, or I need to learn how to implement something, or I need to understand how my implementation partner is going to implement something, this is where
you can also go to really get deep and understand more about the application, really get under the hood there and really understand how it works. But there's also some hands-on simulators, uh, some on-demand simulators and on-demand labs that are located in Now Learning, um, that you can use. Um, some of these, um, do, uh, come free, maybe with your subscription or your license, and some you do have to pay a little extra for. Um, I know that we also offer some learning credits, so if you want to know more or if you need to understand more about how that works, you should talk to your account team, your ServiceNow account team, and they'll be able to help you with that, um, help you understand, uh, how you can get access to some of those trainings that are there that, um, are paid. And you will need to log in. So now we're getting into some things that are a little bit more intellectual property, and so I do want to make it clear, you will need to log in to Now Learning, um, and so if you don't have access to that, you'll want to talk to your account team, or what you should probably do is just start out with your platform team, your ServiceNow platform team, to understand how you can get access to Now Learning, um, and go from there. And then one last thing I will mention before we move on, um, that's also where you will sign up if you want to take a live course, whether it's in person or virtual. We do offer a lot of live instructor-led courses, and this is where you would sign up for that.

Uh, just a couple more things. The security operations community, um, this is where we have a lot of blog posts, a lot of our announcements, and also where customers and implementation partners will often go in and ask questions and also answer questions. So the community is a great place to interact with ServiceNow experts, whether they're ServiceNow employees or partners or, um, uh, people from our expert services or customer outcomes, but also just to really stay up to date on the latest and
greatest. And there's also some additional resources in here as well, like some quick start guides and, um, links to, um, other implementation guides and user guides and things like that. So the security operations community, this is, if you don't remember any of these resources but you only remember one, this is the one that I would recommend you remember the most, is the security operations community, um, because from here you can pretty much get to everything, because whenever we post something new or provide a new resource or new implementation guide or quick start guide, this is where we're going to announce it. But then also, whenever we release a new innovation or, um, an update or something like that, like a new application or a significant update to an application, this is where we're going to announce that. I think just yesterday, uh, I saw, um, one of our teammates post an announcement saying, hey, here's what's new in Xanadu for security operations. So for anybody who doesn't know, the Xanadu release went live today and is available today and is generally available today, um, and so if you're wondering, okay, well, what's new for security operations in Xanadu, go to the security operations community and look for that announcement.

And then just one last resource that I'll mention, and this isn't by far an all-encompassing list of resources that I've gone over here, but this is the last one I'm going to mention on this webinar, is our developer site. So for those of you who are a little bit more advanced, um, maybe you're on this call and you're actually the platform owner for your organization and you're just on here because you want to learn more about the security applications, if you don't know about the developer site, this is something that you should really check out. Um, if you're on here because you're from like the security engineering team and you're going to be supporting SecOps for your security organization, um, once you go through those other
resources and learn more about security operations, you will want to come back here to the developer site. So this is where the more advanced type stuff is, in my opinion. Um, so this is not a site that I go to on a regular basis like the community or the product docs. This is where I go if I need to look at something that's a little bit more, uh, advanced, like the, um, if I need to know more about the APIs or, um, if I need to learn something about how the, uh, the UI Builder works. But then also this is where we have the developer program, which is free to join. Uh, the developer ecosystem for all levels provides the ability to collaborate with other developers globally, so it's a little bit beyond just that community. Um, we have a reference developer resources, so very detailed documentation on Now Platform APIs, the libraries, the Next Experience UI components, and other things like that. And then this is also, the last thing I'll mention here, try and keep it on time, uh, this is also where you would sign up for a personal developer instance, also known as a PDI, and, uh, the PDI is a great place to just try things out and break it, because you can always just reset it or go back and get a new one. So I think I'm probably taking up a little bit too much time here, so I'm going to turn it over to Sarah now, and Sarah, I'll let you talk about the implementation journey, and I'll try to stop for a little while and get us back on time, maybe.

Sounds great, thanks, Tim. So yeah, we're going to switch gears a little bit and focus a bit more on sort of the how, how you can get there, how can you start your implementation. And of course we're going to start with a poll, so I'm just launching this poll now to get a sense of where you are at in your implementation journey. Are you implementing now or this quarter, are you planning to implement later in the year, um, or perhaps into early 2025, um, or no plans to implement yet, which is obviously totally fine. Um, and then anything else, feel free
to let us know in the chat. It's always interesting to hear where you are at. And so we'll keep it open for a few more seconds while we get some more responses in, but it looks like most people are in the journey now or in this quarter, um, with the next, uh, set of people planning to implement in the year. So implementation is front of mind for most people, um, and then some people not currently planning, or some other option. So we'll wrap that up. It's great to kind of see where people are at, and we want to just kind of talk about some of the options that you should be aware of for your implementation journey.

So ServiceNow customers typically will follow one of these three models, and there is, you know, flexibility, as you can see. So first we have a ServiceNow-led implementation, which will involve engaging with our expert services team, who will guide your implementation with leading practices, or they can collaborate with you and your implementation partner in more of a co-delivery model, which will just help, you know, boost your success with your implementation. Um, the second one we see here is your, you know, fully partner-led implementations, which I would say are the most common type among SecOps customers, where you can choose from a range of certified partners in our ecosystem that have ideally specific expertise in SecOps, um, and ServiceNow products as well. And we'll go through that Partner Finder resource a little bit later, which is super helpful place to go if you're just looking for a partner, um, and you want to be able to get a bunch of information on them in terms of their ServiceNow expertise. And I'll highlight as well that not only is it important that the organization is certified, experienced, but also that the individuals working with you from that organization are experienced in SecOps implementations, because it is, uh, more of a specialized area. Uh, lastly we have self-implementation, which is certainly possible. It would mean your
organization is leading the entire implementation and would leverage, you know, all of the existing resources and tools that we're going through today. Uh, it's not typically recommended for security operations, uh, just given the scope and complexity, and certainly having expert services or an implementation partner working alongside you can only help expedite and remove the need for future rework. So we do, you know, recommend having that expertise alongside you, uh, so you can sort of, you know, focus on the right outcomes, functionality, and scope your implementation.

And this is showing a high-level crawl, walk, run, fly model, which really kind of depicts that graduated approach to implementing, where you're focusing on getting the right foundations in place first. So, you know, starting with things like getting the right data coming in, um, having your platform core setup, so things like roles and group setup for whatever scope you're starting with, so maybe it's vulnerability response, application vulnerability response, configuration compliance, security incident, so depending on what you're starting with, it's getting all that sort of setup done. Um, and once you have that setup, you can move into things like where reporting will be, performance analytics, advancing into other applications and data coming in, uh, still on the foundational side, and can take, you know, three to nine months to sort of move into crawl maturity as you start turning things on like performance analytics and integrations such as patch orchestration, or starting, you know, major security incident management. Uh, threat intelligence is another thing listed here to support your security incident response, um, and then there's things like cloud security for, uh, configuration compliance, which can be like another entire implementation. Uh, the good news, though, when you're on the platform, there's a lot of consistency or parity in the design, so implementation, uh, from one area like vulnerability response will have a lot of
similarities to moving into something like application vulnerability response. So it's great that you sort of get that overall understanding of the path, and you can kind of apply that knowledge as you move through different applications. With security incident response, of course, there's different capabilities with automations and playbooks, so there is a different knowledge base required than VR, but you're again getting benefit from those automations as well from day one.

Um, taking a step back here to look at the kind of maturity model for VR, there are a number of different stages of maturity when it comes to implementation, and this is not, uh, specific necessarily to ServiceNow, but something kind of, some of it speaks to more of an industrywide, uh, approach. But as you're starting out, you're really typically looking to get out of that maturity level zero, which is your more manual work, having spreadsheets that you're exporting out of your scanner, emailing things to remediation owners to deal with, uh, incidents, and maybe not having so much visibility across the team. Uh, whereas as you leverage ServiceNow, you move towards at least having that level one, which is going to be a major jump as you bring in more automation and data into vulnerability response, as you set up things like risk calculators to prioritize, filter, and kind of know where to start with your vulnerabilities, grouping them, assigning them as they're being loaded in, um, and just overall automating a lot of that manual activity and having more of that visibility across a single system of record and action. And then moving into maturity level two that's shown here, you have that additional context, additional level of understanding of assignment, additional integrations, and giving you a bigger picture of your infrastructure and ability to manage the whole life cycle of vulnerabilities, so maybe it's change requests, maybe it's, um, exception requests, and just having that kind of awareness, connection to the compliance team, and
ability to build out even more automation and efficiency in your processes. Uh, some customers will want elements of this right from the start of their implementation, especially if you're already using ServiceNow, you're already using integrated risk management, and, um, if you have, you know, a CMDB already, a CMDB team, you can actually use, you know, your scanner data to augment the CMDB, again keeping in mind that having a CMDB is not necessarily a prerequisite by any means, uh, into getting started. Um, and then moving into enterprise risk trending, where you have sort of all your scanners integrated across, you know, cloud, application, configuration, um, coming in, you have a really complete picture of your attack surface and oversight at a, you know, broader level. Um, so it is possible. This is sort of letting you know customers are there, so it is something that you can get to as well. We have implementation experts on today, so if you have questions, of course, let us know.

But we'll move on to a brief kind of overview of security incident response, that similar cycle of starting out with more of a manual process across disparate tools when you're looking at maturity zero, and then adding in automation to get to maturity one. You have like a huge boost in your efficiency when you've got integration from different SIEM tools, um, and incident creation without having to manually do that work, uh, again bringing that data into that single source of record and action and gaining, you know, leaps in your efficiency right away. Um, and then once you've got the data in the platform, you have the ability to layer on automation, and that can be in terms of, you know, automated calculations for prioritizing things, uh, improving your visibility. You know, moving into maturity two, you have more advanced functionality such as your correlated threat intelligence data, um, from your threat intelligence module, and additional, you know, enrichment to better guide your decision making and accelerate your response,
And over into level three we have more, you know, that orchestrated remediation with your playbook setup, and that provides more of a guided stepwise approach to handling incidents, more automated response, more integrations to enhance analyst efficiency. Um, we typically would recommend achieving stage one as the first step, so not to be overwhelmed with all of the different elements that we've been sort of going through, but just getting to stage one allows you to reach so much value really, really quickly.

Um, just moving into kind of where to start with, uh, getting your maturity story in action: we do provide a number of different story themes to help give some guidance and understanding to what to focus on as you get started, and these are all in the resources that we're going to share out and Now Create, and, um, there's detailed steps into what, you know, things like core setup involves, obviously installing, in this case we're looking at VR and its supporting applications, maybe it's patch orchestration for example, and having a really good understanding of the different user personas. Um, and then moving into integration setup and recognizing sort of these steps are there, there are resources that will help you be successful and provide you with a little bit more of a blueprint to work from to ensure your success in your implementation. Um, moving on to the right side we have things like change management, and that could be more of a maturity that you get to over time, but in terms of your out-of-the-box functionality it's a really easy thing to add in into phase one depending on how much your remediation owner team can take on, uh, as well as something like exception configuration. Again, out of the box it's sort of ready for you, uh, just need to plug in the approver names and get the workflow going. Uh, notifications are another story theme that we have outlined. Um, it's not something that you necessarily want to notify an assignment group when they get a vulnerability, that'll be, you
know, overload, um, but you're wanting to make sure there's the right amount of notifications for your workflows, um, and, you know, dealing with organizational change management and making sure that as a CI owner people are coming into the workspace and finding their work there, uh, things like that. And then report configurations, dashboard configuration, uh, these are again more advanced things, um, in the story themes that you'll find resources for as well.

As with VR, security incident response has similar story themes and some different ones as well. So starting with installing them, getting them from the store, you know, setting up user personas, these are similar across all applications, so it's great to have that knowledge and be able to bring it forward in your implementation. Uh, that's a big benefit of using the platform. Um, security incidents have uniqueness with their access restrictions, just given the sensitivity of data in security incident response, so as an organization you can make those decisions as to what you want your platform admins to be able to access. Um, again, integration setup: you want to bring data in, you want to automate things, so that's another key piece of it. And then whether or not you enable your CMDB to be sort of updated from data here, this will play out in your risk calculations and will only add more benefit to what the solutions can bring, but it's not a requirement, it's not a showstopper for getting started. You can just do more as your CMDB gets more mature. Uh, these themes are out there, they're in Now Create. I will move on though, so that we stay on time.

Um, but we want to highlight with that some of these key resources that we think are really important for you in the how piece and getting started with your implementation. So I'll get right into the Partner Finder. Uh, this is a great online tool to search from over 2,000 of our partners in our ecosystem, and really valuable resources. You have the ability to see, uh, which
partners specialize in security solutions and how many, you know, successful implementations they've done, their CSAT scores and things like that, and you can filter it by solution. So if we have time at the end I can walk us through that a little bit, but we will be sharing the link in the chat as well.

Um, we did mention Expert Services. So Expert Services is our team for ServiceNow-led implementations, uh, and co-delivery with partners, uh, and other best practice resources. So your account team can plug you into this if you're interested in learning more, but just know that there is a lot of flexibility, so you might engage with Expert Services in more of an advisory capacity, uh, or perhaps more on the front lines of your implementation, or in a co-delivery model. So there's a lot of, you know, flexibility and different package services that you can look at.

And, uh, I'll move on to Now Create as well. Now Create we've mentioned a couple of times, and they really provide that on-demand guidance to support the success of your ServiceNow projects, and they have, uh, so many resources, and we're going to share some links in the chat to really support your implementations: uh, success pack scoping guides, there are starter stories that you can leverage, uh, recommended implementation sequences. And so really, really encourage you to check that out. You do need to log in, uh, to access these things, but they're readily available, and, um, the story themes we went through are also from there. And we do have Quick Start guides as well that provide step-by-step implementation guidance, all of which is designed to help you be successful with your implementation and leverages tons and tons of experience, uh, in implementation to do so. So highly, highly recommend that as well, and I'll drop those all in the chat now. But, uh, we'll move on to our final section as well, where Tim is gonna take us through the why, so the value piece, quickly before we wrap up, and get us started with our poll here.

Thanks
Sarah, and while people are doing that poll I did want to mention, and before we transition completely off the implementation topic, uh, during our last poll an audience member said that they're doing a hybrid implementation where they have a partner leading but they're training their own internal staff and allowing them to make small changes. And, uh, so while people are completing this poll I just wanted to mention that I have seen customers that do that achieve a lot of success there, and the reason why is because our implementation partners, they do this day in and day out, they do these implementations every day, all day, for customers. And so it's a really good idea to bring them in, even if you don't want to turn over your entire implementation to an implementation partner. It's still a great idea to do what this person said, where they're doing a hybrid implementation where that implementation partner is just doing some work, but then, because that implementation partner may be leaving and you still need to run your installation of security operations.

And then also the other thing I want to leave you with is the idea of delegated administration. So oftentimes the platform team might say, hey, I don't have the bandwidth to do all those things that you want to do, so usually what we see customers do is the platform team will delegate certain administrative functions to, um, like a security engineering team that can handle certain things within that security operations application. So, just because we were talking about implementation, I did just want to mention that, what this person said about doing a hybrid implementation where the partner is leading it but not doing all of it. Um, I have in fact seen a lot of success there, because again those implementation partners, that's their full-time job, that's what they do, is these implementations, and so they are great experts and great resources for you to, um, to use. So with that I'm going
to try not to pontificate anymore and move on. So, uh, thanks again for responding to these polls, this is a great way for us to better understand you.

Um, where I'm going to go now, with regards to achieving value with security operations, um, if you haven't considered it already, what I want to talk about is what kind of value you can expect to see by getting started with security operations. And again we'll kind of close out that poll: what are your top desired business outcomes? Accelerate response to security incidents, yep. Accelerate response to critical vulnerabilities, oh yeah. And then reducing those security incident, that, reducing the effort that you spend on security incidents, and then reducing that attack surface. Yeah, can totally relate to all that.

Um, how are customers doing that today, customers that have already implemented? So all of those things that we just mentioned, that last poll, and all the things here on this slide, depending on your priorities, our customers have been able to achieve those results within just 6 months of going live. Uh, to highlight a few: analysts closing two times the number of security incidents on average at 12 months. So what I mean by that is within about six to 12 months of implementing security incident response and getting that up and running and getting to a, uh, a baseline level of maturity with that, analysts are able to close twice as many incidents, they're able to triage, investigate and remediate twice as many incidents in that amount of time. And cutting the mean time to remediate a vulnerability in half within just 6 months of implementation. And our best-in-class customers are achieving even greater results than that. Uh, so these are the types of results that we're here to help you achieve. And sorry, Sarah, if I'm jumping around a little bit too much with regards to making you change the slide, so sorry about that.

Uh, we, um, so if we look at how we do it ourselves: so here at ServiceNow we're not only the, uh, the
developer of these applications but we're also our own client, we're also our own customer of these applications. Um, so we do use vulnerability response internally here. Uh, we are customer zero. We used vulnerability response to move from using manual, labor-intensive processes to respond to vulnerabilities, um, and we are leading to over 99% accuracy in assigning vulnerabilities, so that means, oh, and also exceptionally high SLA attainment, and we did achieve an 85% gain in productivity. So what that means is by implementing vulnerability response ourselves we were able to achieve those results.

And then moving on to security incident response, that next slide. Again, this security incident response was originally born out of a problem that we had to solve ourselves as a cloud service provider with our own private cloud and government cloud, and, uh, and then it was, um, productized and developed, and it's now, as you know, available to our customers with all the innovations and the portfolio that it's grown in today. So we used this ourselves originally many years ago and contributed to the innovations, and so we still use it today. As such, our internal security has gained immense value moving from manual processes to being able to prioritize alerts and automate processes, leading to over 800,000 in staffing cost savings and thousands of hours saved. So what that means is, as ServiceNow, for anybody who doesn't know, ServiceNow as a company, we've been going through explosive growth over the last, uh, decade or more, and with that comes an increase in attacks. But you can't hire your way out of that problem, you can't think that you're going to hire enough people to keep up with all those attacks. So by using ServiceNow, the automation, uh, with regards to prioritizing those incidents and with regards to automating the response to those incidents, that's how we're able to keep up with those attacks and that's how we're able to save all that money and staffing
cost, because we didn't, we're not trying to hire our way out of our problem. What we're able to do is we're able to automate our way out of that problem.

So when it comes to measuring success, and by the way, this, uh, this chart right here, this is available, uh, within the community, just like all these other resources that we've been showing you. So to get to those results, setting your vision and outcomes is a critical first step in your implementation. And so this example here, again, it's available to you in the community, these are just some examples of the types of outcomes you can choose to prioritize in your security operations implementation. Many customers will initially select one or two outcomes that relate to their key challenges in order to prioritize those for their first implementation, for, prioritize those for their implementation when they're first rolling it out, and then be able to select appropriate metrics to measure their progress. There's a whole number of resources that we've been going through, and those resources can help you get to that level of maturity that you need to. And one of the things that I failed to mention back at the beginning when I did the overview was that ServiceNow comes with a lot of reports and dashboards and metrics out of the box that you can start leveraging immediately, and then as you go on your maturity journey you can start to tailor those to better match your environment and, uh, and start to use the ones that are more relevant to you.

So with just a few minutes left, just a few more resources I want to go through real quick. So the Customer Success Center, um, what that has is, again, this is, uh, all right there at our servicenow.com website, very easy to find. Uh, this one has more leading practices, resources, tools and calculators. It's another way to get to these various events like this one, uh, like this webinar, other services, uh, learn more about the value methodology, uh, which is our framework to
envision, create and validate value from your ServiceNow products, and it helps you champion your success.

The value calculator on the next slide, um, this is something I was going to talk about, but this is being revamped right now, so I'm only going to mention this and say that, uh, while this is not available today, uh, they are going to release a new version of the value calculator, and so this is something you just come on to keep in memory for later or bookmark for later. And when they do release the next one, what this is going to do is this is going to be a resource that will provide a quick and easy way to see the annual business value you can achieve using ServiceNow. So whether you're thinking like, okay, I've rolled out security incident response or vulnerability response and I'm ready to move to the next level, but I need to understand, am I getting value out of what I've installed and can I justify moving to these additional applications, this is something that will help you with that financial justification.

And then ServiceNow Impact. What ServiceNow Impact is, is it's a value acceleration solution designed to maximize the value that you get out of your investment with ServiceNow. Um, this is more of a, um, more advanced way of calculating your return on investment and the value. Uh, it gets a little bit more in depth, it has some, um, it's beyond that calculator that I talked about a minute ago. Uh, this is going to be looking more at metrics and whether or not you are actually, uh, achieving those goals that you set out when you first decided to implement security operations, and then it also provides you with some other goals and some other metrics that maybe you haven't considered that you can, uh, use in the future as you continue to mature your operation and mature your implementation alongside that.

And then the last thing, we'll try to wrap up and still leave at least a couple minutes in case there's any questions. The, um, the summary of resources here,
uh, I, um, we, again, we will be making this available not just here, what Sarah posted in the chat, but afterwards if you go to the ServiceNow Community you'll be able to find these links. But just one more time, uh, whether we're talking about the Partner Finder, so that way you can get a subject matter expert to help you along with that implementation, or the Now Learning to access those Now Create resources or take classes, or the community, so you can engage and interact with other ServiceNow experts or your peers out there in the, um, in the customer community. Um, that product documentation, that's something you're going to want to hold on to for a long time. And then the, uh, the support website, if you need help, if there's something not functioning or you just need to read up about, maybe there's a, um, a fix to something that you've been having an issue with, that's support.servicenow.com, that's where you're gonna find that.

One more plug for the Symposium that we're doing in a couple weeks at our headquarters. Again, this is a free event, uh, all you need to do is show up. Um, Sarah, I'm gonna, you know what, I'm going to let you actually talk about this a little bit more in case you want to say anything else about connect, and then we'll get into the questions, because you could speak to this better than I can.

No, I think we covered it in the beginning pretty well, but for anyone that kind of joined later, you know, we'd love to see you there. It's a free event for our customers, partners are going to be there, you can share resources, share best practices, and, uh, you know, we'll have breakfast, lunch, we'll have a networking reception. I'd encourage you to check out the agenda on the website or by scanning the QR code, we'll share that again in the chat. And yeah, we'd love to see you there, so please join us, register, we'll keep an eye out for your registration. And I guess just to wrap it up at the last couple minutes, this is part of our Live on ServiceNow series, so if
you're in the community and you want to check out more events, um, you can go ahead and register for more. We'll be running office hours next week for SecOps, so feel free to join us.
https://www.youtube.com/watch?v=L6naxAvDQmM