Some incidents pose serious threats to the security of Lots to Lose Inc., others not as much. Recognizing high risk from low required time-consuming correlation of threat data from disparate tools. This was a time-consuming process that required a senior security analyst with years of experience. Critical incidents often went unnoticed for months.
ITS is helping Lots to Lose Inc work their way up the SecOps maturity model. A longer term goal is to take advantage of ServiceNow SecOps ability to automatically correlate threat data with an in-depth knowledge of the business and environment in order to intelligently prioritize incidents.
BUSINESS UNDERSTANDING: ITS took the time to configure a detailed profile of the business, enabling ServiceNow to understand the business context for each incident.
THREAT CORRELATOR: A single alert from a single tool doesn’t always prove an incident has occurred. The new approach automatically correlates all the incoming data and intelligently understands it in the context of how a potential problem could affect the business.
SEVERITY CALCULATOR: ServiceNow analyzes the potential impact and urgency of each incident to assign it a definitive priority value that can be used to determine where it fits in the incident response queue.