Why Manual Processes Become Security Risks

While many organizations invest in detecting security issues, we regularly hear about companies being breached. Security teams fight the battle against cyber threats, and CISOs still struggle to answer the question: “Is my security posture improving or deteriorating?” Why is this happening?

A new study by Enterprise Strategy Group (ESG) shines light on this issue. Nearly 75% of those surveyed said that incident response tends to be based upon informal processes. And 93% of respondents say that their incident response effectiveness and efficiency is limited by the burden of manual processes. See the full report here.

Hindering Security

Security teams are inundated with alerts from multiple sources. They’re using emails, spreadsheets, and phone calls for cross-team handoffs and siloed security products.

With such practices in place, it’s no wonder that it takes enterprises an average of 206 days to spot a breach and an average of 69 days to contain it, according to the Ponemon Institute. And it’s not improving. Of those surveyed by ESG, 61% believe that incident response has become more difficult over the past two years.Security_Image_FINAL_04nw[2]

This story must sound familiar to IT teams who live it every day. We’ve seen that unstructured work drains productivity and keeps us on that treadmill.

In the case of security, using manual tools and processes not only hinders a team’s ability to find issues and solve them quickly, but also becomes a risk. Time to containment is key to reducing the cost and impact of a breach, which can improve a firm’s security posture.

In addition, the survey showed that the unhealthy reliance on manual tasks likely aggravates the divide between IT and Security teams. The two groups are often disconnected and their goals unaligned. Fixing most security incidents or threats requires collaboration between these teams.

Security Operations: A Holistic View

Buying more software to detect potential threats won’t bridge this gap. In fact, as my colleague Dave Wright often says, buying new software without revamping the process behind it, is like getting a shiny, new chassis and hitching up a team of horses in front. Gets you nowhere fast.

OPEN-SECURITY-INCIDENT

ServiceNow Security Operations dashboard

That’s where our new Security Operations offering comes in. We’ve extended our expertise in workflow, automation and orchestration to security. For the first time ever, there’s software that fundamentally transforms the process for security response.

Security Operations helps customers move to a centralized response process for incident response and vulnerability response via a single platform, giving a clear, fact-based view into security posture.

Today’s news is a first step. It’s our intent to not only modernize incident response but aid customers in the incident investigation process with more context and threat data down the road. We’ll apply our automation and orchestration to help customers respond faster — and even automatically.

This furthers ServiceNow’s guiding mission to apply a service orientation to all work tasks – HR, IT, facilities and now security.

For more information on our security offering, see the press release and our web site

Sean Convery
Sean Convery is vice president and general manager of the ServiceNow security business unit, responsible for delivering solutions that help organizations improve their security posture and team effectiveness. Prior to joining ServiceNow, he was vice president of product management at MobileIron, where he led strategy for the mobile security leader’s core products. Earlier in his career, Convery spent time at Cisco in security-focused product and architecture leadership roles. He also served as Chief Technology Officer (CTO) of Identity Engines, a startup focused in the then emerging role-based access control market.

Leave a Reply Text

Your email address will not be published.

Shares