ServiceNow Security Operations Reviews

I am a security architect. I construct the solutions. ServiceNow Security Operations is on-premises, however, it's a hybrid model where you can have a public cloud also working in tandem with your on-site deployment.

The main use case is SecOps or security operations. ServiceNow Security is a two-way ticketing model that gets integrated with Splunk, for example. Splunk will provide two-way integration into the service management process. You have Splunk on one end and ServiceNow on the other end. The tickets will be integrated between the two and be either manually or automatically created. The tickets can be initiated from either platform and automatically or manually pushed as well.

I like that you can also work the solution together as a hybrid modern service for your customers. At the backend, you can make the solution any way you would like, whether it is purely on-premises or a hybrid model. You can offer it as a service to your clients.

The most valuable features are service management and case management. It also takes care of problem management. ServiceNow Security Operations also takes care of GRC, governance, risk, and compliance, enabling it to provide risk assessment.

The product of ServiceNow Security Operations needs more features. The product is called SecOps, but it is not security operations in terms of SIEM solutions. It is not proven as a SOAR solution, security orchestration, or automation solution. It is a solution that can provide integration and some pieces of service management, change management, problem management, and GRC. Other pieces are required to complete the whole ecosystem, like security monitoring or orchestration automation. I don't believe ServiceNow Security has the capability or the desire to provide the whole ecosystem.

I have been working with ServiceNow Security for 10 years.

ServiceNow Security Operations is stable. It has been on the market for three decades. Particularly products like ITSM are stable.

The solution is scalable. This is primarily due to the ITSM tools. The actual security monitoring or security orchestration automation is done by other products like Splunk, LogRhythm, or QRadar to provide a holistic solution.

We have many engineers in the ServiceNow space. There are approximately 450 people who are dedicated to working on this, and we can ramp up quickly.

Customer service and support of ServiceNow Security would be rated a four out of five. They have good knowledge of their product, however, they lack knowledge about integrations with security point solutions. Their knowledge lacks if you are asking questions about SOAR or how SIEM works hand in hand with ServiceNow as an ITSM solution. 

Neutral

The initial setup of ServiceNow Security Operations is easy. It does not take too much time. It is a mature service management product. It is out-of-box integration for almost all the leading SIEM tools as well as SOC platforms. The setup is straightforward. 

It does depend on the use cases that need to be developed. Sometimes there are out-of-the-box use cases that can be integrated directly. Sometimes you might have certain applications which require you to make new use cases or have some integrations that are not available out of the box. In these cases, for custom integrations, you might have to do customer development, which would take a bit longer.

For a medium-sized deployment, it should not take more than two and a half months or eight to ten weeks. You would need a small team of approximately seven people to support that, depending on the operating window you are supporting.

The ROI from ServiceNow Security Operations is flat due to the high cost. If you go for the purely cloud-based model, you might get more efficiency. 

The solution is more expensive than BMC Remedy, the other ITSM tool available in the market. ServiceNow can charge a higher price because they have a monopoly in the ITSM domain. From a security point of view, the company promotes their security products and prices them lower than IBM or Splunk and then they bundle them with their ITSM suite to provide a holistic solution that a customer can get value from. However, on ITSM alone, they are not competitive. 

Their license is on a yearly subscription base. It is based on the number of subscribers and users. The price is determined by the number of people who will work on the platform and the number of people that will configure the platform and make the processes on it. 

I would rate this solution a seven out of ten overall.

My primary use cases with this solution are focused on automation, particularly integrating security operations with pen-testing tools like Nessus, BurpSuite, and Kali Linux.

The platform has significantly improved my organization by automating process gaps, streamlining tasks such as notifications, and enhancing the workflow. Its SaaS-based cloud solution offers the flexibility to adapt to various organizational needs.

The product's most valuable features include the no-code capability for workflows and flow design, which makes it user-friendly, and the ability to perform advanced configurations. 

One area for improvement for the product is the need to tailor and alter some codes for customization, which can cause issues during upgrades. It does not support customized operations.

I have been using ServiceNow Security Operations for six years now.

The solution's stability has been solid in my experience, with no significant challenges or problems encountered.

As a cloud-based platform, scalability is inherently present. It is well-equipped to handle growth.

The support has been effective in resolving issues when they arise.

The product is more expensive than other solutions like Archer but offers more features, making the pricing justifiable.

I rate ServiceNow Security Operations an eight out of ten. 

We use it on a daily basis. We received tickets in ServiceNow. We can connect with the user using the ServiceNow application. 

We can drop an email, use the top bar, create filters, see how many tickets we have, monitor daily usage, track received tickets, and manage follow-ups. We can also manage dependent tickets and the "Accredited Fine."

The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user.

In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones.

I have been using this solution for three to four months now. 

It's a stable solution. We use it daily.

We have around 500 end users using this solution in our organization. 

The customer service and support have provided me with solutions for troubleshooting issues.

They respond in a timely manner and provide solutions.

Positive

It doesn't require a separate application; it's accessible via a browser. We use it browser-based.

I'd suggest starting with ServiceNow. It's an excellent tool. You can tailor it to your understanding and generate various reports. I'd definitely recommend it.

Overall, I would rate the solution an eight out of ten.

We have Elasticsearch, Data Stream, and other vulnerability scanning tools where we get vulnerable data, and we've integrated them with ServiceNow Security Operations. We would export the data and attach that to the penetration test request by first pushing and transforming the data. Vulnerable items will be created and mapped on ServiceNow Security Operations, then loaded to the penetration test or vulnerable items table.

We develop all these applications. In particular, we modify the fields forms,  then, based on the requirement, there'll be changes to the configuration and workflow, and we'll also develop the catalog item required. If we want to push data, we'll make a request and integrate it to push the data to the different tables on ServiceNow Security Operations.

These are our use cases for ServiceNow Security Operations.

ServiceNow Security Operations has improved the organization I belong to in terms of getting more customers. My organization has different clients; through ServiceNow Security Operations, different vulnerability data is easily managed and prevented. As my organization deals with diverse customers, it can show data to potential customers that vulnerability attacks could be avoided through ServiceNow Security Operations, which could result in my organization gaining more customers.

What I found most valuable in ServiceNow Security Operations is that it's very useful for any incoming vulnerability. For example, if my team finds any vulnerability on servers such as the CA and CMDB integrated with ServiceNow Security Operations, my team can make some changes. My team can map the vulnerabilities found on the CA server, make the changes required, and resolve the vulnerabilities before the system is attacked. You can avoid vulnerability attacks through ServiceNow Security Operations, so this is the best feature of the solution.

ServiceNow Security Operations is beneficial mainly for vulnerability response and engagement purposes.

An area for improvement I observed in ServiceNow Security Operations is the need to maintain correct CMDB data because if you're unable to do this, you can't perfectly maintain the vulnerability data. CMDB data in ServiceNow Security Operations needs to be accurate.

As I've been working on ServiceNow Security Operations for only seven months, I still need more time to try all its modules before I can give recommendations regarding additional features I'd like to see in the solution.

I've been working on ServiceNow Security Operations for seven months now.

ServiceNow Security Operations is a stable and reliable solution. I didn't see any performance-related issues from it.

ServiceNow Security Operations is easy to scale. I wasn't the one who scaled it, and I didn't touch the data from the other tools. Still, it's just a matter of going on a call, gathering the XML files and other requirements, figuring out how the data can be loaded into the different tables, mapping and integrating the data, creating different paths from the map, and loading the data.

When we're implementing ServiceNow Security Operations, and there are some issues regarding the solution not supporting our requirements, we'll raise cases with ServiceNow.

Once, we had an issue with multi-source CMDB, so we raised a case, and the ServiceNow team gave us a recommendation, so we applied that recommendation, and later on, ServiceNow told us that the problem's been fixed and that they also developed new functionality to address our issue.

We're satisfied with ServiceNow Security Operations support.

I only worked on ServiceNow Security Operations.

The initial setup for ServiceNow Security Operations isn't complex, and you can easily customize and deploy it for customers.

Deploying the solution requires one architect and two developers, and on average, it takes almost six months to deploy ServiceNow Security Operations. Still, if you have six people in the deployment team, it would only take three months to deploy, but that doesn't include customization, requirement gathering, and reporting.

We implemented ServiceNow Security Operations in-house.

I have strong experience with ServiceNow products, including ServiceNow Security Operations.

After ServiceNow Security Operations is deployed, you need to maintain the data, but the maintenance is easy in terms of data security and data scanning. Suppose you need to do some customizations, for example. In that case, you have different tools, so you'll need other data maps. Suppose you want to import more information from XML files, for instance. In that case, you need to customize, so this is what you have to do in terms of maintaining ServiceNow Security Operations data.

In my organization, three people use ServiceNow Security Operations, and four take care of other tools such as Qualys and Data Stream.

I'd recommend ServiceNow Security Operations, especially if you want to maintain your data and prevent any vulnerability attacks, for example, on the infrastructure. Suppose you have customers and you want to convince your customers to go with ServiceNow Security Operations. In that case, you should explain the benefits and consequences of not having the solution. You should also explain to potential customers how ServiceNow Security Operations can prevent vulnerabilities and how it can maintain the current CMDB. This solution is what I recommend for vulnerability response as it's beneficial for any customer and can help maintain infrastructure.

My rating for ServiceNow Security Operations is eight out of ten because it's a must-have tool in my organization to avoid any impact on the infrastructure and is always used for infrastructure monitoring. ServiceNow Security Operations should be mandatory for any organization to maintain data.

My organization is a gold partner of ServiceNow.

The solution is generally for operational use, and if there is any security incident, for example, somebody clicks a corrupt link, or there are phishing emails, we can raise a security incident and manage those incidents. 

The ease of use is great. The UI is very nice. 

Managing security incident tickets is easy. We can also customize the workflow according to our requirements.

The initial setup is easy.

It is stable. 

The solution can scale.

This is a pretty mature product.

All the CIs, the configuration items, were already present in ServiceNow. ServiceNow was a golden source of all those CIs and assets and that is also one of the reasons we went with ServiceNow.

It would be ideal if there were already integrations available in ServiceNow with third-party tools. That way, if they want to report something from Outlook as well, you can. That should be readily available, and we can just start using them immediately. The product needs more integrations in general.

We'd like customization to be easier in terms of the UI and using the dashboards. 

I've been using the solution for one year.

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze. It is reliable. 

The solution can scale well. You can set up integrations and expand them. 

About 80% to 90% of the company is using the solution. However, not everyone can raise incidents. Maybe only 50% of users could do that.

I've never contacted technical support. 

The solution is straightforward and simple. 

In our case, it was a quite complicated setup due to the client's policies. It took us about three months to go live.

We were the third party that handled the initial setup for the client. 

I'm not aware of the pricing. I don't handle licensing. 

I'm a customer. 

Potential new users should have prior knowledge of ServiceNow. You cannot actually just directly go and start using it. There needs to be some knowledge transfer, and they need some basic idea about ServiceNow and what it can do. Similar to Virtual Agent, they cannot just start directly using that. 

I'd rate the solution eight out of ten. 

Basically, everything is consolidated into ServiceNow, so most organizations have configuration items in ServiceNow. ServiceNow has a vulnerability module as well, so it brings in data from third-party tools and it can utilize that data itself in Security Operations. We have risk management, GRC, et cetera, all in ServiceNow. It's easier to use everything under one platform rather than going here and there and bringing the data to and from everywhere, which is messy.

We are contracted by a federal organization to lead an engagement to integrate their existing Vulnerability scanner with ServiceNow SecOps Vulnerability Response with their existing ServiceNow ITSM solution.

The use case is to manage scan results from Tenable and help this organization better manage how these vulnerabilities are grouped, prioritized, assigned, processed, monitored and remediated. 

Integration with the existing Request, Incident, Change and Configuration Management processes are key.  Once a vulnerability is remediated, it needs to be confirmed via rescan and closed.  This process informs the system so future remediations are resolved faster and more efficiently.   

The engagement is still under way, but the use cases we are discovering will help automate existing manual processes, streamline processes, and reduce the overall level of effort needed to remediate vulnerabilities.

ServiceNow SecOps applications help organizations in many ways and can be implemented in phases using an agile implementation process focused on delivering value more quickly than the standard SDLC process. As an organization matures its processes, they can incrementally add additional integrations and implement additional functions.  The ServiceNow platform provides tremendous value to organizations that not only want to implement SecOps, but when integrated with IT Service Management, IT Operations Management, Software Asset Management, Governance Risk and Compliance, and into their overall strategy for digital and business transformation.

Forester and Gartner rate ServiceNow products and services with top marks.  For example, refer to "The Total Economic Impact (TEI) of ServiceNow IT Applications" report by Forrester for further details.  There are many other 3rd party reviews by other sources as well such as the following 2 examples:

* 2020 Gartner Magic Quadrant for Software Asset Management Tools Report

* ServiceNow Analyst Report - ServiceNow a VSM Solution Leader - Forrester Wave Value Stream Management Solutions, Q3 2020, 

Given their top ratings, ServiceNow continues to build on the innovative platform by adding depth and breadth to their platform, applications and services.  Just last year, ServiceNow became FedRAMP HIGH certified and helped migrate its customers to a more secure Government Computing Cloud (GCC) platform. 

ServiceNow's releases continues to grow both organically and through acquisition.  With each new release (usually 2 per year), ServiceNow provides customers with additional features, functions, applications and services that enables higher customer ROIs. For example, additional apps/tools are added to the platform (e.g. Integration Hub) which includes pre-built spokes that reduce the level of effort to integrate ServiceNow with other systems.  

In my experience, ServiceNow provides its customers/clients and prospects an excellent platform to modernize processes through pre-built workflows, low-code/no-code platform, custom development platform, and a wide offering of applications in the following suites:  ITSM, ITOM, ITBM, SecOps, GRC and HRSD applications.  

I have been implementing ServiceNow for four years. 

It's very stable.

It is very scalable.

Excellent support

The initial setup was straightforward. It's the people side of stuff that gets complicated.

The analysis you have to put it in with existing processes and the customer needs to adapt and adopt to the out of the box. Sometimes that gets politically challenged because people like to use the systems and processes, they're used to. It's not the technology. It's the impact on their day-to-day.

N/A - we are an implementer

significant

Pricing and licensing will vary according to the client and industry.  For example, some organizations (e.g. universities) have formed consortiums to pool their buying power.  

My advice would be that you have to be ready for the cultural change. ServiceNow offers organizations a great opportunity to transform the way they do things and break down silos for customers, employees, partners, and others.  

Organizations implementing ServiceNow should invest in training their teams and seeking certifications.

We provide knowledge transfer when we implement ServiceNow, but if organizations want to take over O&M, they need to ensure they have qualified, experienced administrators and developers.  

I would rate ServiceNow a nine and a half out of ten.

Our customers use ServiceNow Security Operations to handle their organization's legal structure. Additionally, they use it to define or share information about gifts received from third-party vendors.

The product's most valuable feature is customization.

It is challenging for the customers to understand the processes for SecOps. It needs to be simplified.

We have been using ServiceNow Security Operations for six to seven months.

The product is stable. However, we encounter minor issues related to stability. We can resolve them within 30 minutes to one hour with the help of their support team.

Our client has 20 to 30 instances managed by ServiceNow Security Operations. It is a scalable platform.

The initial setup is easy. We refer to the setup and installation guide provided by ServiceNow. They have good documentation, which makes it easier to handle the process. It takes a few hours to complete.

The number of executives required to implement it depends on different regions. We currently have a team of four resources and one solution architect to oversee the deployment.

Most clients prefer to deploy it on-premises for security reasons, but we suggest they go for the cloud version. We appoint one resource to take care of the maintenance post setup.

It is a good product. I rate it an eight out of ten.

We use ServiceNow Security Operations to enhance our cybersecurity efforts. By integrating with tools like Microsoft Defender and external threat intelligence, we assess and prioritize vulnerabilities in devices. This proactive approach helps us ensure the security of our internal systems and meet the specific needs of our clients, providing a robust defense against potential threats.

The most valuable aspect of working with ServiceNow is its meaningful and feature-rich product. In the cybersecurity field, especially in Japan, there is a notable scarcity of similar solutions. Partnering with ServiceNow has proven beneficial, allowing us to expand the product's coverage across various areas, not limited to operations alone. This versatility is a key strength that adds significant value to our cybersecurity efforts.

There is room for improvement in terms of developer support and documentation. While they offer some assistance, a more detailed and accurate set of guidelines would be beneficial for implementing their product modules effectively. The wide coverage of ServiceNow across various areas can be a bit challenging due to its legacy features, and transitioning between different sections requires a fair amount of knowledge and effort. Simplifying this process through enhanced documentation would greatly contribute to a smoother user experience.

I have been working with ServiceNow Security Operations for almost a year.

It is fairly scalable. In our organization, we have approximately 200 to 300 users working with ServiceNow Security Operations on the client side.

I have reached out to ServiceNow tech support with questions, but I have found that their responses sometimes lack detailed solutions for specific issues I encounter. In some cases, I had to conduct further investigations on my own, and there were instances where certain questions didn't receive a conclusive answer even after involving ServiceNow support. I would rate the support as a seven out of ten.

Neutral

I have worked with Symantec in proposing ITSM solutions for a client. Regarding ServiceNow, a significant advantage is its pre-designed structure, minimizing the need for extensive coding. This facilitates quick customization and integration. However, the broad coverage of features can be a drawback, requiring substantial time and effort to grasp. While it is a strong platform, introducing new functionalities in the Japanese market may take time due to current preferences. Overall, its flexibility and learning curve are key factors to consider.

Setting up ServiceNow Security Operations initially can be a bit complex, especially if you are new to the field. Based on my experience, having a background in security, hardware, infrastructure, and network alerts makes the process more manageable. However, for those less familiar with these areas, it might pose a challenge and require additional support from developers or individuals with relevant expertise. Overall, the complexity of the setup depends on one's familiarity with security and related domains.

My advice for those evaluating ServiceNow for their organization is to prioritize thorough documentation and extensive exploration of the platform. Building a solid understanding is crucial for successful implementation. Overall, I would rate ServiceNow Security Operations an eight out of ten.