Security teams won’t have to deal with cyber threats all alone, thanks to Trusted Security Circles, says Mark Ackerman, sales director, Middle East for ServiceNow.
CommsMEA: How will Trusted Security Circles improve sharing of threat intelligence?
ServiceNow recently launched Trusted Security Circles, a new cloud-based application, as an extension of our security platform. It gives enterprises the ability to share and receive hyper-relevant threat intelligence in near real-time.
What we found is that a number of customers are sharing threat information in different ways, but not in a structured format. As a natural evolution of our security platform, we introduced the ability to create Trusted Security Circles to help security teams with threat intelligence. With Trusted Security Circles, a security team may see suspicious activity in their network and will want to know if others in their defined community have also seen it. An anonymous query goes to other members of the chosen circle, and a sightings search is performed against the specified suspicious observables. If the number of sightings exceeds a set threshold, a security incident can be automatically opened in ServiceNow Security Operations. This serves as an early warning system, and can speed up response.
CommsMEA: Once the threats are identified, is the platform linked to threat redressal as well?
Most organisations do have some sort of threat intelligence as part of their security response; however, threat intelligence is only useful to an organisation if it is actionable. Mass-market threat intelligence isn’t always relevant or timely. Trusted Security Circles is just one way to make sure that the threat intelligence is more real-time and actually allow security teams quicker access to the information. Arguably, and more importantly, though, one of the issues is that organisations are receiving trusted information and qualified security incidents, but often they can’t associate that to a business service or actually understand what the priority of that is. This is where the ServiceNow Security Operations solution comes in.
The solution leverages the ServiceNow Configuration Management Database (CMDB) to map threats, security incidents, and vulnerabilities to business services and IT infrastructure. This mapping enables threat prioritisation based on business impact, ensuring that security teams are focused on what is most critical to the business. The inbuilt Security Incident Response module simplifies identification of critical incidents and provides workflow and automation tools to speed up remediation.
CommsMEA: Do you think this application will see many takers amongst telcos?
We certainly believe that Trusted Security Circles will garner significant interest from telcos. One of the most important reasons for this is the fact that telcos these days are diversifying their service portfolios massively. We have already seen some telcos in the region launch Managed Security Service Provider (MSSP) offerings, as an example. As their partner ecosystems grow, so too does the threat of an attack. With Trusted Security Circles, telcos will be better positioned to identify and respond to threats faster and more efficiently.