ServiceNow Security Operations Reviews

We use it on a daily basis. We received tickets in ServiceNow. We can connect with the user using the ServiceNow application. 

We can drop an email, use the top bar, create filters, see how many tickets we have, monitor daily usage, track received tickets, and manage follow-ups. We can also manage dependent tickets and the "Accredited Fine."

The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user.

In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones.

I have been using this solution for three to four months now. 

It's a stable solution. We use it daily.

We have around 500 end users using this solution in our organization. 

The customer service and support have provided me with solutions for troubleshooting issues.

They respond in a timely manner and provide solutions.

Positive

It doesn't require a separate application; it's accessible via a browser. We use it browser-based.

I'd suggest starting with ServiceNow. It's an excellent tool. You can tailor it to your understanding and generate various reports. I'd definitely recommend it.

Overall, I would rate the solution an eight out of ten.

I am a security architect. I construct the solutions. ServiceNow Security Operations is on-premises, however, it's a hybrid model where you can have a public cloud also working in tandem with your on-site deployment.

The main use case is SecOps or security operations. ServiceNow Security is a two-way ticketing model that gets integrated with Splunk, for example. Splunk will provide two-way integration into the service management process. You have Splunk on one end and ServiceNow on the other end. The tickets will be integrated between the two and be either manually or automatically created. The tickets can be initiated from either platform and automatically or manually pushed as well.

I like that you can also work the solution together as a hybrid modern service for your customers. At the backend, you can make the solution any way you would like, whether it is purely on-premises or a hybrid model. You can offer it as a service to your clients.

The most valuable features are service management and case management. It also takes care of problem management. ServiceNow Security Operations also takes care of GRC, governance, risk, and compliance, enabling it to provide risk assessment.

The product of ServiceNow Security Operations needs more features. The product is called SecOps, but it is not security operations in terms of SIEM solutions. It is not proven as a SOAR solution, security orchestration, or automation solution. It is a solution that can provide integration and some pieces of service management, change management, problem management, and GRC. Other pieces are required to complete the whole ecosystem, like security monitoring or orchestration automation. I don't believe ServiceNow Security has the capability or the desire to provide the whole ecosystem.

I have been working with ServiceNow Security for 10 years.

ServiceNow Security Operations is stable. It has been on the market for three decades. Particularly products like ITSM are stable.

The solution is scalable. This is primarily due to the ITSM tools. The actual security monitoring or security orchestration automation is done by other products like Splunk, LogRhythm, or QRadar to provide a holistic solution.

We have many engineers in the ServiceNow space. There are approximately 450 people who are dedicated to working on this, and we can ramp up quickly.

Customer service and support of ServiceNow Security would be rated a four out of five. They have good knowledge of their product, however, they lack knowledge about integrations with security point solutions. Their knowledge lacks if you are asking questions about SOAR or how SIEM works hand in hand with ServiceNow as an ITSM solution. 

Neutral

The initial setup of ServiceNow Security Operations is easy. It does not take too much time. It is a mature service management product. It is out-of-box integration for almost all the leading SIEM tools as well as SOC platforms. The setup is straightforward. 

It does depend on the use cases that need to be developed. Sometimes there are out-of-the-box use cases that can be integrated directly. Sometimes you might have certain applications which require you to make new use cases or have some integrations that are not available out of the box. In these cases, for custom integrations, you might have to do customer development, which would take a bit longer.

For a medium-sized deployment, it should not take more than two and a half months or eight to ten weeks. You would need a small team of approximately seven people to support that, depending on the operating window you are supporting.

The ROI from ServiceNow Security Operations is flat due to the high cost. If you go for the purely cloud-based model, you might get more efficiency. 

The solution is more expensive than BMC Remedy, the other ITSM tool available in the market. ServiceNow can charge a higher price because they have a monopoly in the ITSM domain. From a security point of view, the company promotes their security products and prices them lower than IBM or Splunk and then they bundle them with their ITSM suite to provide a holistic solution that a customer can get value from. However, on ITSM alone, they are not competitive. 

Their license is on a yearly subscription base. It is based on the number of subscribers and users. The price is determined by the number of people who will work on the platform and the number of people that will configure the platform and make the processes on it. 

I would rate this solution a seven out of ten overall.

The solution is generally for operational use, and if there is any security incident, for example, somebody clicks a corrupt link, or there are phishing emails, we can raise a security incident and manage those incidents. 

The ease of use is great. The UI is very nice. 

Managing security incident tickets is easy. We can also customize the workflow according to our requirements.

The initial setup is easy.

It is stable. 

The solution can scale.

This is a pretty mature product.

All the CIs, the configuration items, were already present in ServiceNow. ServiceNow was a golden source of all those CIs and assets and that is also one of the reasons we went with ServiceNow.

It would be ideal if there were already integrations available in ServiceNow with third-party tools. That way, if they want to report something from Outlook as well, you can. That should be readily available, and we can just start using them immediately. The product needs more integrations in general.

We'd like customization to be easier in terms of the UI and using the dashboards. 

I've been using the solution for one year.

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze. It is reliable. 

The solution can scale well. You can set up integrations and expand them. 

About 80% to 90% of the company is using the solution. However, not everyone can raise incidents. Maybe only 50% of users could do that.

I've never contacted technical support. 

The solution is straightforward and simple. 

In our case, it was a quite complicated setup due to the client's policies. It took us about three months to go live.

We were the third party that handled the initial setup for the client. 

I'm not aware of the pricing. I don't handle licensing. 

I'm a customer. 

Potential new users should have prior knowledge of ServiceNow. You cannot actually just directly go and start using it. There needs to be some knowledge transfer, and they need some basic idea about ServiceNow and what it can do. Similar to Virtual Agent, they cannot just start directly using that. 

I'd rate the solution eight out of ten. 

Basically, everything is consolidated into ServiceNow, so most organizations have configuration items in ServiceNow. ServiceNow has a vulnerability module as well, so it brings in data from third-party tools and it can utilize that data itself in Security Operations. We have risk management, GRC, et cetera, all in ServiceNow. It's easier to use everything under one platform rather than going here and there and bringing the data to and from everywhere, which is messy.

It's deployed on the ServiceNow-hosted GCC.

It streamlines processes. It collects data. It takes data and turns it into information. It allows you to manage through dashboards and work lists. It just improves every facet of the overall process.

It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities. It gives you integration with the overall ITSM, platform workflows, notifications, ability to track SLAs, KPIs, reports, and transparency.

There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution.

I've been using this solution for two years.

It's very stable as long as it's configured and implemented properly.

It's absolutely scalable. We were working on one of the largest implementations in the world.

I would rate their technical support 5 out of 5.

I would rate setup 4 out of 5. It could be simpler.

Our implementation plan just depends. We use an agile process and we do iterative development and let people try and see how it works in the organization and then tweak it. That was the approach, on a spectrum of incremental improvement or continuous improvement.

The amount of staff needed for deployment and maintenance depends on the scale of what you're rolling out. You could implement it with three people, or you could implement it with a team of five or six. It depends on how you want to support it.

It depends on the number of assets. SecOps is a suite of applications comprised of vulnerability response, security incident response, configuration compliance, threat intelligence, and data loss prevention. I'm only talking about the vulnerability response.

If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that. Then you have to do the maintenance of two platform upgrades a year and enhancements. Those are services you need to think about when you're going to implement this.

I would rate this solution 10 out of 10. 

There's a change management perspective to it. Make sure you have your resources lined up, that you have executive sponsorship, and that your organization is ready for using the ServiceNow platform and implementing the application. You need to build a foundation, and then you need continuous improvement. You get a return on investment very quickly if you can remediate vulnerabilities quickly.

We use ServiceNow Security Operations to enhance our cybersecurity efforts. By integrating with tools like Microsoft Defender and external threat intelligence, we assess and prioritize vulnerabilities in devices. This proactive approach helps us ensure the security of our internal systems and meet the specific needs of our clients, providing a robust defense against potential threats.

The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product. In the cybersecurity field, especially in Japan, there is a notable scarcity of similar solutions. Partnering with ServiceNow has proven beneficial, allowing us to expand the product's coverage across various areas, not limited to operations alone. This versatility is a key strength that adds significant value to our cybersecurity efforts.

There is room for improvement in terms of developer support and documentation. While they offer some assistance, a more detailed and accurate set of guidelines would be beneficial for implementing their product modules effectively. The wide coverage of ServiceNow across various areas can be a bit challenging due to its legacy features, and transitioning between different sections requires a fair amount of knowledge and effort. Simplifying this process through enhanced documentation would greatly contribute to a smoother user experience.

I have been working with ServiceNow Security Operations for almost a year.

It is fairly scalable. In our organization, we have approximately 200 to 300 users working with ServiceNow Security Operations on the client side.

I have reached out to ServiceNow tech support with questions, but I have found that their responses sometimes lack detailed solutions for specific issues I encounter. In some cases, I had to conduct further investigations on my own, and there were instances where certain questions didn't receive a conclusive answer even after involving ServiceNow support. I would rate the support as a seven out of ten.

Neutral

I have worked with Symantec in proposing ITSM solutions for a client. Regarding ServiceNow, a significant advantage is its pre-designed structure, minimizing the need for extensive coding. This facilitates quick customization and integration. However, the broad coverage of features can be a drawback, requiring substantial time and effort to grasp. While it is a strong platform, introducing new functionalities in the Japanese market may take time due to current preferences. Overall, its flexibility and learning curve are key factors to consider.

Setting up ServiceNow Security Operations initially can be a bit complex, especially if you are new to the field. Based on my experience, having a background in security, hardware, infrastructure, and network alerts makes the process more manageable. However, for those less familiar with these areas, it might pose a challenge and require additional support from developers or individuals with relevant expertise. Overall, the complexity of the setup depends on one's familiarity with security and related domains.

My advice for those evaluating ServiceNow for their organization is to prioritize thorough documentation and extensive exploration of the platform. Building a solid understanding is crucial for successful implementation. Overall, I would rate ServiceNow Security Operations an eight out of ten.

Our customers use ServiceNow Security Operations to handle their organization's legal structure. Additionally, they use it to define or share information about gifts received from third-party vendors.

The product's most valuable feature is customization.

It is challenging for the customers to understand the processes for SecOps. It needs to be simplified.

We have been using ServiceNow Security Operations for six to seven months.

The product is stable. However, we encounter minor issues related to stability. We can resolve them within 30 minutes to one hour with the help of their support team.

Our client has 20 to 30 instances managed by ServiceNow Security Operations. It is a scalable platform.

The initial setup is easy. We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process. It takes a few hours to complete.

The number of executives required to implement it depends on different regions. We currently have a team of four resources and one solution architect to oversee the deployment.

Most clients prefer to deploy it on-premises for security reasons, but we suggest they go for the cloud version. We appoint one resource to take care of the maintenance post setup.

It is a good product. I rate it an eight out of ten.

The solution is available over the cloud and is easy to manage.

A customer doesn't require much hardware infrastructure. There's virtual infrastructure on the cloud. Compared to in-house solutions and the maintenance required, it's quite good.

The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better.

I've been using the solution for two years.

The stability is okay, but it depends on the performance and how the user is interacting with the user login and the latency. 

Scalability has to be designed and decided before implementation. It depends on how much infrastructure the client wants to invest in and their future plans. These have to be taken into consideration prior to implementation so that the sizing will be correct.

Technical support is okay, but it takes a while to get issues resolved after submitting them or to get them to the next level because the initial support level isn't so technical in their knowledge.

The initial setup has a moderate level of difficulty. It's not simple, but it's not overly complex.

We're a consulting firm; we're experienced with the solution, so for us, setups are pretty straightforward and we handle them for the client.

The pricing in the industry is competitive. There are multiple vendors with the same enterprise-level solutions. Initially, the pricing was okay, but we can see they are starting to increase their pricing, however, in comparison to other effective solutions, it's fine. There may be other costs above the licensing fee as well.

We use the on-premises deployment model.

I'd rate the solution nine out of ten. It would help to offer global infrastructure monitoring. It doesn't give much visibility on the satellite or other infrastructure monitoring such as monitoring of servers, and applications, etc.

We are contracted by a federal organization to lead an engagement to integrate their existing Vulnerability scanner with ServiceNow SecOps Vulnerability Response with their existing ServiceNow ITSM solution.

The use case is to manage scan results from Tenable and help this organization better manage how these vulnerabilities are grouped, prioritized, assigned, processed, monitored and remediated. 

Integration with the existing Request, Incident, Change and Configuration Management processes are key.  Once a vulnerability is remediated, it needs to be confirmed via rescan and closed.  This process informs the system so future remediations are resolved faster and more efficiently.   

The engagement is still under way, but the use cases we are discovering will help automate existing manual processes, streamline processes, and reduce the overall level of effort needed to remediate vulnerabilities.

ServiceNow SecOps applications help organizations in many ways and can be implemented in phases using an agile implementation process focused on delivering value more quickly than the standard SDLC process. As an organization matures its processes, they can incrementally add additional integrations and implement additional functions.  The ServiceNow platform provides tremendous value to organizations that not only want to implement SecOps, but when integrated with IT Service Management, IT Operations Management, Software Asset Management, Governance Risk and Compliance, and into their overall strategy for digital and business transformation.

Forester and Gartner rate ServiceNow products and services with top marks.  For example, refer to "The Total Economic Impact (TEI) of ServiceNow IT Applications" report by Forrester for further details.  There are many other 3rd party reviews by other sources as well such as the following 2 examples:

* 2020 Gartner Magic Quadrant for Software Asset Management Tools Report

* ServiceNow Analyst Report - ServiceNow a VSM Solution Leader - Forrester Wave Value Stream Management Solutions, Q3 2020, 

Given their top ratings, ServiceNow continues to build on the innovative platform by adding depth and breadth to their platform, applications and services.  Just last year, ServiceNow became FedRAMP HIGH certified and helped migrate its customers to a more secure Government Computing Cloud (GCC) platform. 

ServiceNow's releases continues to grow both organically and through acquisition.  With each new release (usually 2 per year), ServiceNow provides customers with additional features, functions, applications and services that enables higher customer ROIs. For example, additional apps/tools are added to the platform (e.g. Integration Hub) which includes pre-built spokes that reduce the level of effort to integrate ServiceNow with other systems.  

In my experience, ServiceNow provides its customers/clients and prospects an excellent platform to modernize processes through pre-built workflows, low-code/no-code platform, custom development platform, and a wide offering of applications in the following suites:  ITSM, ITOM, ITBM, SecOps, GRC and HRSD applications.  

I have been implementing ServiceNow for four years. 

It's very stable.

It is very scalable.

Excellent support

The initial setup was straightforward. It's the people side of stuff that gets complicated.

The analysis you have to put it in with existing processes and the customer needs to adapt and adopt to the out of the box. Sometimes that gets politically challenged because people like to use the systems and processes, they're used to. It's not the technology. It's the impact on their day-to-day.

N/A - we are an implementer

significant

Pricing and licensing will vary according to the client and industry.  For example, some organizations (e.g. universities) have formed consortiums to pool their buying power.  

My advice would be that you have to be ready for the cultural change. ServiceNow offers organizations a great opportunity to transform the way they do things and break down silos for customers, employees, partners, and others.  

Organizations implementing ServiceNow should invest in training their teams and seeking certifications.

We provide knowledge transfer when we implement ServiceNow, but if organizations want to take over O&M, they need to ensure they have qualified, experienced administrators and developers.  

I would rate ServiceNow a nine and a half out of ten.