UPDATED 19:00 EST / MARCH 12 2019

SECURITY

Q&A: Automating preventive cybersecurity at ServiceNow

An evolving tech landscape faces new security risks to decentralized internet of things and mobile endpoints, as well as the increasing amount of sensitive data in the cloud. By employing the use of that data in automated systems that manage the more repetitive work of digital protection, Sean Convery (pictured), vice president and general manager of the Security & Risk Business Unit at ServiceNow Inc., and his team are creating new opportunities for security innovation.

Convery spoke with Jeff Frick (@JeffFrick), host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed ServiceNow’s new security offerings and how its partnership with Forescout is enabling greater asset management and visibility for end users. (* Disclosure below.)

[Editor’s note: The following answers have been condensed for clarity.]

What’s been going on at ServiceNow in the security space?

Convery: As our customers have started to get into production now with the security capabilities, as well as our risk capabilities, they’re realizing the benefits of having IT, security and risk on the same platform. They’re starting to manage risk in a holistic way by leveraging operational data on the platform.

If you think about what auditors and compliance people need to do, they’re essentially checking the state of all these compliance tasks throughout an organization. All that data is already in ServiceNow. So, how do you now automate? We take all those mundane tasks around compliance and risk and roll that up to clear, visible risk indicators [and] manage that in a continuous way — what we call continuous monitoring for risk.

How [has] … the assessment of risk changed over time?

Convery: The risk profile is going to continue to modify. What’s important for security teams, risk teams, IT teams is to make sure they’re actually using risks … as their North Star for guiding their security investments. You need to be looking at the risks to your organization, the evolving risk as people shift to cloud … and how you guide your security investments in favor of that. What we’re seeing at ServiceNow is a renewed interest in hygiene. Back to basics.

Your teams want to be focused on the interesting parts of their jobs. If they’re dealing with mundane, phishing response, vulnerability prioritization, it takes the wind out of their sails. But if you can automate those mundane tasks using a digital workflow platform like ServiceNow, then suddenly you free that time up so they can be focused on much more advanced attacks where you want the creative humans focused.

One of the best ways to reduce your attack surface is to manage your vulnerability program in an effective way. If you can deal with patching more efficiently … your inflow of incidents reduces. Then you automate the incidents that remain, and suddenly you’ve got massive time savings.

How long have you been working with Forescout? How do the two systems work together?

Convery: We’ve been working with Forescout for a while. We’ve actually got a number of integrations that are live on the ServiceNow store and customers in production using Forescout. On the asset management, asset discovery side of the house, Forescout has a wealth of capabilities around giving us information about endpoint assets, whether they be traditional assets or IoT assets, and we can feed that directly into the CMDB, our configuration management database, to help manage the overall assets within an organization.

[Then] using the security capabilities inside ServiceNow, we can trigger actions inside Forescout’s environment to block, remediate, isolate when we see something bad happening related to an incident or a vulnerability that we discover.

As people are plugging systems in, typically you want to do that in an agentless way. That’s what Forescout’s really known for, discovering, analyzing what these devices are. The more incoming data we have into our CMDB, the more valuable that is to our customers.

What are your priorities for 2019?

Convery: Really to build on what we just announced. Madrid, our major ServiceNow release, just hit today. We have an exploit enrichment in our vulnerability system now, so we can know is there a [vulnerability], how critical is it … has it been exploited or not?

The big thing for us at ServiceNow is mobile in 2019. The big capability we announced is native mobile capability. ServiceNow is all about interconnecting all these various departments and making these classic processes digital workflows. Now you can have that same consumer grade mobile experience on your enterprise infrastructure. You can build a custom application, custom workflow, and you don’t have to know anything about how to code.

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference. (* Disclosure: Forescout Technologies Inc. sponsors theCUBE’s coverage of the RSA Conference. Neither Forescout nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU