The Customer
The client is a prominent worldwide commercial real estate services and investment company operating in various regions. With a vast portfolio and a global presence, the company is a key player in the commercial real estate industry. They were already utilizing ServiceNow for IT Service Management (ITSM) and IT Operations Management (ITOM) before seeking assistance from our team.
The Challenge
The client faced several challenges that prompted them to seek our expertise.
The major issues included a focus on optimizing existing modules, establishing standardized processes, and addressing a backlog of work, especially in the Security Operations (SecOps) space. Although a basic SecOps implementation was done in 2017, the client acknowledged the need for a more robust setup. Additionally, they had recently upgraded to SecOps Enterprise and wanted to ensure it was configured correctly.
The Solution
The client's expectations for the solution were comprehensive, reflecting a strategic vision for optimizing their Security Operations. Firstly, the goal was to ensure the correct setup of SecOps and the establishment of standardized processes, fostering a secure and efficient operational environment. To maximize the potential of existing modules, the client aimed for a thorough optimization process, enhancing the overall capabilities of their systems.
Another crucial aspect involved eliminating manual processes by implementing better-established procedures or, where feasible, introducing automation. The focus extended to the Configuration Management Database (CMDB), where improvements were sought to enable efficient asset assignment based on vulnerabilities. Additionally, the client sought to improve reporting mechanisms, leading to increased operational efficiency through insightful data analysis.
In response to the client's expectations, our team proposed and executed a comprehensive solution that addressed each facet of the outlined objectives. This included the implementation of ServiceNow’s Security Incident (SIR) and Vulnerability Response to fortify the SecOps framework. Automation played a pivotal role, in the creation of automated processes for generating Security Incidents based on QRadar events and the development of complex automation flows for Proofpoint-specific use cases related to QRadar event Security Incidents. The Vulnerability Response was rebuilt from the ground up to enhance overall efficiency.
To integrate these solutions seamlessly, ServiceNow was configured with various tools and platforms, such as IBM QRadar, BitSight, Cofense, Rapid7 VR, VirusTotal, PaloAlto NGFW, RiskIQ, Carbon Black, Microsoft Azure Active Directory, HackerOne, and Anomoli. The SecOps application underwent optimization to ensure higher utilization and improved performance. This holistic approach ensured that the solution not only met but exceeded the client's expectations, providing a robust and streamlined SecOps environment aligned with their organizational goals.
Results
Following the successful implementation of the Security Incident and Vulnerability Response solution, the client experienced active and meaningful utilization of their SecOps framework. The adoption of this system demonstrated a seamless integration into their existing workflow, with teams effectively leveraging its capabilities to address security incidents and vulnerabilities promptly and efficiently.
This active utilization marked a transformative shift in the organization's cybersecurity practices, positioning them to proactively manage and respond to potential threats.
The integration of ServiceNow with various tools and platforms, coupled with the implementation of automation, led to a substantial reduction in issue resolution time. By automating the creation of Security Incidents based on QRadar events and streamlining complex Proofpoint-specific use cases, the organization achieved significant gains in operational efficiency. Issues that previously took considerable time to address were now resolved swiftly, minimizing potential risks and enhancing overall security posture. The ServiceNow integrations and automation synergized to create a more responsive and agile incident resolution process.
Furthermore, the efficiency and performance of the SecOps application were markedly improved. The optimization efforts undertaken by our team resulted in a system that not only met but exceeded performance expectations. The application now operates at peak efficiency, handling security incidents and vulnerabilities with precision and speed. The enhanced efficiency contributed to a more proactive security stance, allowing the organization to stay ahead of emerging threats.
The success of this project served as a testament to the effectiveness of the implemented solutions and established a solid foundation for an ongoing partnership. With additional projects already in the pipeline, the client expressed confidence in the continued collaboration, recognizing the value of our expertise in meeting their evolving needs. This fruitful partnership is poised to extend beyond the initial project, with future endeavors focusing on further enhancements and optimizations aligned with the client's cybersecurity objectives. As the organization continues to grow and adapt to changing security landscapes, our collaborative efforts aim to ensure that its security infrastructure remains resilient and effective in safeguarding its digital assets.
