ServiceNow Security Operations Review

SN SecOps offers a great set of features to better ingest information from Detection, SIEM, Vulnerability, and Threat Intelligent apps to better manage SecOps and ITSM.

What is our primary use case?

We are contracted by a federal organization to lead an engagement to integrate their existing Vulnerability scanner with ServiceNow SecOps Vulnerability Response with their existing ServiceNow ITSM solution.

The use case is to manage scan results from Tenable and help this organization better manage how these vulnerabilities are grouped, prioritized, assigned, processed, monitored and remediated. 

Integration with the existing Request, Incident, Change and Configuration Management processes are key.  Once a vulnerability is remediated, it needs to be confirmed via rescan and closed.  This process informs the system so future remediations are resolved faster and more efficiently.   

How has it helped my organization?

The engagement is still under way, but the use cases we are discovering will help automate existing manual processes, streamline processes, and reduce the overall level of effort needed to remediate vulnerabilities.

What is most valuable?

ServiceNow SecOps applications help organizations in many ways and can be implemented in phases using an agile implementation process focused on delivering value more quickly than the standard SDLC process. As an organization matures its processes, they can incrementally add additional integrations and implement additional functions.  The ServiceNow platform provides tremendous value to organizations that not only want to implement SecOps, but when integrated with IT Service Management, IT Operations Management, Software Asset Management, Governance Risk and Compliance, and into their overall strategy for digital and business transformation.

What needs improvement?

Forester and Gartner rate ServiceNow products and services with top marks.  For example, refer to "The Total Economic Impact (TEI) of ServiceNow IT Applications" report by Forrester for further details.  There are many other 3rd party reviews by other sources as well such as the following 2 examples:

* 2020 Gartner Magic Quadrant for Software Asset Management Tools Report

* ServiceNow Analyst Report - ServiceNow a VSM Solution Leader - Forrester Wave Value Stream Management Solutions, Q3 2020, 

Given their top ratings, ServiceNow continues to build on the innovative platform by adding depth and breadth to their platform, applications and services.  Just last year, ServiceNow became FedRAMP HIGH certified and helped migrate its customers to a more secure Government Computing Cloud (GCC) platform. 

ServiceNow's releases continues to grow both organically and through acquisition.  With each new release (usually 2 per year), ServiceNow provides customers with additional features, functions, applications and services that enables higher customer ROIs. For example, additional apps/tools are added to the platform (e.g. Integration Hub) which includes pre-built spokes that reduce the level of effort to integrate ServiceNow with other systems.  

In my experience, ServiceNow provides its customers/clients and prospects an excellent platform to modernize processes through pre-built workflows, low-code/no-code platform, custom development platform, and a wide offering of applications in the following suites:  ITSM, ITOM, ITBM, SecOps, GRC and HRSD applications.  

For how long have I used the solution?

I have been implementing ServiceNow for four years. 

What do I think about the stability of the solution?

It's very stable.

What do I think about the scalability of the solution?

It is very scalable.

How are customer service and technical support?

Excellent support

How was the initial setup?

The initial setup was straightforward. It's the people side of stuff that gets complicated.

The analysis you have to put it in with existing processes and the customer needs to adapt and adopt to the out of the box. Sometimes that gets politically challenged because people like to use the systems and processes, they're used to. It's not the technology. It's the impact on their day-to-day.

What about the implementation team?

N/A - we are an implementer

What was our ROI?


What's my experience with pricing, setup cost, and licensing?

Pricing and licensing will vary according to the client and industry.  For example, some organizations (e.g. universities) have formed consortiums to pool their buying power.  

What other advice do I have?

My advice would be that you have to be ready for the cultural change. ServiceNow offers organizations a great opportunity to transform the way they do things and break down silos for customers, employees, partners, and others.  

Organizations implementing ServiceNow should invest in training their teams and seeking certifications.

We provide knowledge transfer when we implement ServiceNow, but if organizations want to take over O&M, they need to ensure they have qualified, experienced administrators and developers.  

I would rate ServiceNow a nine and a half out of ten.

Which deployment model are you using for this solution?

**Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Add a Comment