ServiceNow users can now benefit from TruSTAR’s data-centric security intelligence management ecosystem to better inform incidents and improve response.
With TruSTAR Intelligence Management for ServiceNow Security Incident Response (SIR), ServiceNow users can now prepare and normalize security intelligence data from multiple sources to distribute information between teams, industry peers, and other data systems, helping accelerate automation to remediate threats fast. TruSTAR first started working with ServiceNow in 2018 to enrich intelligence in case management. This new integration unlocks critical threat intelligence sharing capabilities for ServiceNow users.
In March 2020, the Cyberspace Solarium Commission outlined the “need for greater information sharing [dissemination] between security experts in order to help organizations counter new and emerging security challenges.” For example, an attack discovered in one enterprise can help prevent the proliferation of the same attack by sharing and operationalizing intelligence between organizations. To effectively do this, security teams require a tool that securely controls and manages intelligence.
TruSTAR allows companies to centralize, normalize and prioritize cyber intelligence to help accelerate response. Working with ServiceNow SIR, TruSTAR helps reduce analyst investigation time by automating intelligence integration, cutting back on manual data ingestion to speed incident investigations within ServiceNow SIR. TruSTAR also extends ServiceNow security orchestration, automation and response (SOAR) capabilities by creating built-in sharing flows and by providing programmatic normalization and preparation of threat intelligence data, making it easier to run investigations based on highly scored events or indicators.
TruSTAR for ServiceNow SIR allows users to ingest, extract, enrich, normalize, prioritize, and take action on observables based on sources, and share intelligence in a secure, governed way. Users can deliver automated, accurate intelligence, reduce employee uncertainty, minimize false positives, and help accelerate detection and remediation of cyber threats and attacks. Users can also retain historical context for threat attack analysis.
“The mission of data-centric security automation is to transform cyber intelligence to make it actionable for automation. TruSTAR’s intelligence management integration with ServiceNow SIR platform is the perfect combination for enterprise security and IT operations leaders looking to streamline collaboration, accelerate their automation roadmap and show real improvement in their Mean-Time-to-Resolution,” says Patrick Coughlin, CEO of TruSTAR.
“With TruSTAR’s multi-source contextual enrichment integrated directly with ServiceNow Security Incident Response, our users will be able to respond to security incidents fast, and reduce false positives and time wasted on redundant investigations. TruSTAR and ServiceNow users will also be able to seamlessly and securely share incident reports and IoCs with other teams, trusted groups, ISACs and ISAOs,” says Lou Fiorello, Vice President and General Manager of Security Products at ServiceNow.
TruSTAR for ServiceNow SIR features allow users to:
- Add threat enrichment attributes to the indicators associated with security incidents
- Export Security Incident data and extracted IOCs to TruSTAR for further correlation
- Leverage ServiceNow's Threat Lookup to provide a verdict from TruSTAR on malicious observables associated with security incidents
- Apply custom tags to indicators in ServiceNow and store them in TruSTAR enclaves for historical context
- Share TruSTAR reports and IoCs across ISACs/ISAOs and internal teams via enclaves
- Whitelist observables in ServiceNow that will be reflected in TruSTAR’s whitelist library
Download Now to unlock fast intel distribution between teams, industry peers, and other data systems.
Learn more about this integration here: https://www.trustar.co/integrations/servicenow-integration