Some incidents pose serious threats to the security of Lots to Lose Inc.; others, not as much. Distinguishing high-risk incidents from low-risk ones required correlating threat data from disparate tools, a time-consuming process that needed a senior security analyst with years of experience. Critical incidents often went unnoticed for months.
ITS is helping Lots to Lose Inc. work its way up the SecOps maturity model. A longer-term goal is to take advantage of ServiceNow SecOps' ability to automatically correlate threat data with in-depth knowledge of the business and environment in order to intelligently prioritize incidents.
BUSINESS UNDERSTANDING: ITS took the time to configure a detailed profile of the business, enabling ServiceNow to understand the business context for each incident.
THREAT CORRELATOR: A single alert from a single tool doesn’t always prove an incident has occurred. The new approach automatically correlates all the incoming data and intelligently understands it in the context of how a potential problem could affect the business.
SEVERITY CALCULATOR: ServiceNow analyzes the potential impact and urgency of each incident to assign it a definitive priority value that can be used to determine where it fits in the incident response queue.