ServiceNow announced new strategic Security Operations-focused integrations
with Microsoft, extending the two companies' existing partnership. The
announcement was made at Knowledge 2021, ServiceNow's flagship digital
experience for its customers, partners, and developer community. New
integrations with the ServiceNow Security Operations Solution Suite include
Microsoft Azure Sentinel, Microsoft Threat & Vulnerability
Management, Microsoft Teams, and Microsoft SharePoint. These
integrations will help security operations teams make smarter decisions
across security planning, management, and incident response.
The last year has seen an alarming increase in cyberattacks aimed at major
corporations, governments, and critical infrastructure during COVID-19.
Disparate standalone security solutions have proven ineffective at
helping security operations teams detect, investigate, and respond to
this increased volume of security threats. This not only wastes time and
resources but can also allow incidents to evolve into full-scale breaches.
According to Gartner, "The threat and attack surface that Security Operations
must address continues to grow as businesses expand their use of cloud
services like SaaS and cloud infrastructure and platform services, as
OT/industrial control system (ICS) environments become more connected,
and as workers are more distributed."1
With one platform, one data model, and one architecture, the Now Platform is
breaking down silos created by solutions that weren't designed to work
together, and the new Security Operations integrations with Microsoft
take this a step further.
"Nearly 80 percent of the Fortune 500 rely on ServiceNow's 'platform of
platforms'," said Lou Fiorello, VP & GM of Security Products,
ServiceNow. "More and more, customers are seeing the value of running
security operations processes on the platform, leveraging enterprise
business context, and automating workflows across the enterprise in
real-time. The powerful new integrations announced today tie Microsoft's
security products into the ServiceNow Security Operations ecosystem,
helping security teams gain the context needed to prioritize and act on
security incidents faster and more efficiently than ever."
"In an increasingly hostile world, the only real competition is the bad
actors and nation state adversaries," said Eric Doerr, VP Cloud Security
at Microsoft Corp. "Our integrations with Microsoft Security Solutions
and ServiceNow Security Operations products enable customers to gain
system-wide visibility, automate security workflows, and respond rapidly
to incidents to build a safer and more secure world for all."
Making smarter decisions across security planning, management, and incident response
As organizations settle into hybrid work, they can save millions of dollars with
fully deployed and automated security solutions. For example, one
healthcare organization with experience using ServiceNow Security
Operations experienced a three-year benefit of $2.4 million 2.
Integrating Microsoft Azure Sentinel with ServiceNow Security Incident
Response (SIR) puts this into practice by facilitating automated
knowledge and evidence sharing to catch security incidents early and
prevent them from impacting customers.
The entire process across investigation, management, and response is
simplified by deploying central platforms for detection and response,
reducing both the burden on security operations teams and potential
errors by automating and orchestrating end-to-end incident response
workflows. This approach provides critical information and context
through an enhanced view of an organization's security posture for
security operations teams to accelerate investigation of security
threats and reduce overall response times.
"With COVID accelerating movement to the cloud, we've seen Microsoft Azure
Sentinel take off with customers in all industries who need a
cloud-native SIEM to enable their remote workforce while improving their
security posture," said Brian Rizman, Partner - Risk and Security
Practice, Edgile. "Our customers see ServiceNow Security Incident
Response as a strategic platform that enables a scalable data and
workflow bridge to security, risk and IT tools. As a longtime partner of
both Microsoft and ServiceNow, we see better operational resiliency and
greater cost savings when these two worlds are integrated."
Other ServiceNow Security Operations integrations with Microsoft announced today include:
- Microsoft Teams integration with Major Security Incident Management (a feature of ServiceNow Security Incident Response) that streamlines
and improves collaboration on critical security incidents through
automated setup of dedicated Teams channels and sharing of collaboration
and chat activities to the major security incident case record to
maintain transparency of communications.
- SharePoint integration with Major Security Incident Management (a
feature of ServiceNow Security Incident Response) centralizes the
evidence gathered by teams during critical security incidents by
automating the creation of SharePoint folder structures. The artefacts
created by the different incident response groups are consolidated for
visibility in the major security incident case record.
- Microsoft Threat & Vulnerability Management integration with ServiceNow Vulnerability Response takes
in asset information, vulnerabilities, and recommendations, prioritizing
vulnerabilities using asset and business context and driving
remediation workflows. Remediation owners are able to action the
highest risk items using pre-populated solution details to improve the
security posture of an organization.
General availability of Azure Sentinel and Microsoft Threat & Vulnerability
Management integrations is expected starting June 2021. Limited
availability of Microsoft Teams and SharePoint integrations is expected
in June 2021, with general availability planned later in the year.