ServiceNow Security Operations Reviews

I am still working as a solution architect with ServiceNow solutions. I work with a technical stack that includes portfolio management, security operations, and CMDB. I have approximately eight to nine months of experience with ServiceNow Security Operations. I am a contractor, and the customer is already a partner of ServiceNow, so I build the governance and manage the platform. All enterprise-based companies where enterprise architecture is in place would benefit from ServiceNow Security Operations. Every company should consider implementing this product.

The vulnerabilities and common vulnerabilities data, along with the automatic resolution based on integration with tools such as Qualys, Tenable, or Microsoft Defender, are the features I found most valuable in ServiceNow Security Operations. The vulnerability response and the watchdog are the features where the security operation team would consistently benefit. It gives control over vulnerabilities and what types of vulnerabilities should be monitored. These features are very seamless, and the workspace along with the unified view of the entire application is something that is very impressive.

The transition by integrating third-party tools with ServiceNow Security Operations is very easy and seamless. That is a great feature provided by ServiceNow.

The market price is slightly high. The pricing should be a little lower because this is a SaaS-based product. Everyone using ServiceNow might be getting many modules, but the overall module cost becomes high with license consumption one by one. I personally see that if ServiceNow is to grow over the next decade, they need to work on the pricing part.

Cheap providers are emerging, and in the age of AI, it is evident that the chatbot and the virtual agent features, which are prominent features of ServiceNow, could be completely compromised and replaced by people choosing other tools. If ServiceNow develops a strategy to lower the price and increase the customer base, it could help ServiceNow to grow for another decade.

I encountered one issue in ServiceNow Security Operations. The different tools, for example, Tenable and TVM, discovered vulnerabilities that had very limited information when imported. However, the same vulnerabilities from different sources, the TVM and Tenable, had shorter descriptions than what was present in the common vulnerabilities or CVE. If this depends on the implementer, such as Tenable or how other security operations implement them, the text was very limited. Customers were asking questions about why this was happening and if ServiceNow was working properly. The vulnerability information should be updated and the common text should be displayed every time, regardless of how many different tools are used for integration.

The vulnerability database should be consistent when it comes to the description to avoid confusion for customers implementing it for the first time. This is an improvement that ServiceNow can make.

I have been working for nine months in the field of security operations.

I would rate technical support for ServiceNow Security Operations as a six out of ten in terms of faster resolution. Every time anyone raises a high priority ticket, it goes to P3 first, and then someone has to request to increase the priority. The support team will come, take the update, and pass on the message. Two to three days occur in the overall process, and finally, the technical team will be involved. If the technical resolution could be quicker, such as having the technical team join the call or start reviewing the incident raised on high priority within a day, that would provide a different perspective to all customers of ServiceNow.

Positive

The initial setup of ServiceNow Security Operations is very straightforward.

ServiceNow Security Operations integrates very easily with third-party security tools. I am involved mostly with ServiceNow and not with other vendors.

I use ServiceNow Security Operations for FortiGating purposes, such as creating incidents, reports, and requests.

ServiceNow Security Operations has helped me in getting more precise results. For example, there was an incident that happened a couple of months back, and with a keyword from the incident's description, I can find the information quickly by providing the keyword and the client's name, making it easier to manage incidents. The development team constantly provides new features for upgrading with the latest plugins.

In my opinion, there are many useful features in ServiceNow Security Operations, and I feel it deserves a perfect rating.

I would like to see new features added, particularly regarding the incident upgrading part. For instance, if you have an instance and need to transfer it to a particular team, being able to show that the status is still in progress, which is currently in a beta version, would definitely help people to understand that the status has changed for the incident.

I have been using ServiceNow Security Operations for four point six years, since the beginning of my career as an analyst, and now I am an admin. It has been quite four point six years I'm using it, and I am loving it. We call it SNOW, actually, and there are many things you can do in this tool, including reporting, searching, and managing parent and child incidents.

I see a return on investment with ServiceNow Security Operations.

In my opinion, the pricing is quite affordable considering the features, and I do not find it expensive. I would not call it cheap; rather, I am looking at it as a product owner.

For someone looking to use ServiceNow Security Operations, I recommend that they read about the documentation and spend one or two hours familiarizing themselves with FortiGating, and that will be enough to start their job well.

I have not used any other ServiceNow solutions like DevOps or IT operations management, but I plan to explore that in the next month or couple of months.

I do have plans to use ServiceNow Security Operations even more in the future. I would rate this product nine out of ten.

The customer implementing ServiceNow Security Operations uses it for gate lock reactivations, Wi-Fi network router management, IP address whitelisting, website blacklisting, and vulnerability assessments.

When phishing incidents or other security issues need to be resolved in the ServiceNow Security Operations Incident Response module, it directly fetches data about users receiving phishing emails, enabling research and appropriate resolution. Through integration, data from third-party tools is also accessible.

In ServiceNow Security Operations, vulnerability assessments are conducted based on IT band and other factors. If there are open ports or other vulnerabilities in the system, incidents are raised, resolved, and monitored until completion to ensure the vulnerability no longer exists after resolution.

Integration is crucial in ServiceNow Security Operations because everything must be integrated to obtain data. Without integration, the solution is not as beneficial as expected. In SecOps, real-time data is essential to avoid discrepancies between real-time events and ServiceNow data.

Multiple tools integrate with ServiceNow Security Operations, with Qualys being one of them.

ServiceNow Security Operations collects data from various sources and presents it in a single, respectable format for assessment and action. The main benefit is not having to access separate tools for different data. It provides a unified user experience where all work and fixes can be managed from one location.

ServiceNow Security Operations is not specifically a vulnerability management or incident tool, but rather a data aggregator. It would be beneficial if, similar to the Discovery module which assesses all CIs present in the company, there was a way to assess CIs directly within ServiceNow Security Operations to obtain vulnerability information. Currently, third-party tools are required for this functionality.

ServiceNow Security Operations is moving towards GenAI capabilities. While current AI functionality is not optimal, future improvements are anticipated.

I have been working in ServiceNow Security Operations for six months.

We have configured only out-of-the-box features in ServiceNow Security Operations. It follows the standard process of creating security incidents automatically, which teams then resolve.

There are no complaints regarding stability.

It is highly scalable because most tools integrate with ServiceNow Security Operations.

I have contacted ServiceNow for various issues, including dashboard-related problems, and they have been helpful with everything. They provided quick resolutions.

The support for ServiceNow Security Operations rates nine and a half to ten out of ten.

Positive

The setup process is easy. The implementation took four months, though the configuration requirements were minimal. The specific time depends on company requirements. ServiceNow Security Operations can function as a live maintenance tool or operate with a single version, depending on organizational needs.

I am developing and using it as a development solution.

It is relatively expensive but manageable.

Initially, acquire basic knowledge about the system and understand how ServiceNow Security Operations operates with other tools. This understanding is essential before starting the implementation process to avoid confusion. On a scale of 1-10, this solution receives an 8.

For my customers, I deploy ServiceNow Security Operations, which is always in a cloud environment as it is a SaaS application. There is a provision for on-prem deployment, but the support is minimal from ServiceNow.

ServiceNow Security Operations provides significant control over vulnerabilities, allowing users to mark false alarms as false positives and ignore them, which is important because many vulnerabilities are not real but appear as such. There are many aspects that we could handle. For certain vulnerabilities, remediation requires spending extra on hardware or OS upgrades, or purchasing new versions, which implies a cost. For that reason, we can take an exception for a couple of months or days, and once that exception expires, that vulnerability automatically reappears.

These features help us ensure that everything is under control, and when we discuss vulnerabilities, we can consolidate them into one central category, which means working on one vulnerability automatically resolves the rest, making it efficient with the features provided.

In terms of improvements, there are several things that could enhance ServiceNow Security Operations in the future, especially regarding false positives or exceptions, which usually require filling out questionnaires asking why you want to classify something as a false positive. It's challenging for users because they use survey-based questions.

Additionally, visibility and transitions between teams present significant challenges in the SecOps space, indicating that substantial training and hand-holding are required to improve usability, which is one observation I have had.

Regarding the time to deploy ServiceNow Security Operations, implementation takes about a month or two, particularly because there might be challenges with discovery aspects. If challenges arise, ServiceNow would indicate that it's not their problem, suggesting you speak to Rapid7 or Qualys and necessitating meetings where ServiceNow and Rapid7 have to discuss the specific problems together. That becomes a challenge when trying to integrate with any other third parties.

When discussing support, for ITSM, there isn't a single support team; it varies based on the topic. Different teams interact depending on the category, such as change management, CMDB, employee central, and even Virtual Agent within ITSM, where specialists handle set roles. When discussing SecOps, it involves an entirely different team.

I would rate support for SecOps via the same portal; we don't need to worry about differences in support.

Positive

The process is overcomplicated and takes time because we need functional guides specifically for the vulnerability management side; if they are in control, things would become simple. If they don't know what they're dealing with, then it becomes more complicated.

There is a need for someone to validate that the integration is successful and that things are working as expected. If they don't do their job correctly, it returns to the implementation team, asking why things are happening a certain way. As an implementation team, we implement it, but the functional people have to validate it, and if they don't perform their responsibilities, it becomes difficult and challenging.

I would recommend doing it in the cloud. I would rate ServiceNow Security Operations an eight with all its flaws and benefits included.

If we encounter challenges while deploying, we raise incidents. These incidents are categorized by priority: high, medium, and low. We assign an incident number and notify the relevant teams to address the issue. For instance, if we experience a problem with Cloud services or any other issue, we will raise an incident and suggest a course of action. Similarly, they are categorized into expedited, emergency, normal, and planned changes when raising change requests.

Every tool we are using, such as PNC, ServiceNow, Jira, and many others, is fine. 

Multiple projects use the ServiceNow tool because it is a low-cost and open-source tool.

I have been using ServiceNow Security Operations for four years.

I rate the solution’s stability an eight out of ten.

I rate the solution’s scalability an eight out of ten.

Sometimes, I have connected with the help desk, and then the team has resolved it.

Positive

The initial setup is easy and takes five minutes, depending on the code. If you provide a large amount of code, it will naturally take more time to execute. On the other hand, if you use a more efficient amount of code, it will take less time to run.

ServiceNow is a very wide platform, but we use incident and change management.

I recommend the solution because it is a cost-effective tool.

Overall, I rate the solution an eight out of ten.

I use ServiceNow for ticketing purposes. Specifically, I raise tickets between the support team. This is used by internal teams within the company for managing support-related tasks.

ServiceNow is a convenient platform to raise tickets, and the respective support team will contact us to resolve any issues. Although the platform is neither exceptional nor poor, it facilitates communication and organization within the support framework.

Report generation within ServiceNow can take some time. Additionally, there are occasional issues when raising a ticket, which can also consume time.

I have been using ServiceNow from the beginning for about four years.

I have not faced any issues with the stability of ServiceNow.

We do not really contact ServiceNow support since it is used by our internal teams within the company.

Neutral

I will give ServiceNow an overall rating of eight out of ten. I will recommend it to others as it is an enterprise application used by large companies for ticketing purposes.

Customer awareness and understanding of ServiceNow's SecOps capabilities could be improved, as many clients may not fully utilize the platform's potential due to a lack of awareness or training.

I have been using ServiceNow Security Operations for 12 years. 

I rate the platform's stability a nine out of ten. 

While ServiceNow Security Operations can cater to small and medium-sized businesses, our primary focus is on enterprise-level clients.

I rate the scalability around eight out of ten. 

They could improve the technical support services regarding response times. 

Neutral

I would rate the initial setup process an eight. 

It is an expensive product. I rate the pricing an eight out of ten. 

ServiceNow Security Operations offers extensive capabilities for managing security incidents, including vulnerability management, ITSM suite integration, and proactive threat response.

The scalability and flexibility, particularly in terms of threat intelligence and incident response, make it a valuable tool for shared intelligence among stakeholders.

It leverages a robust orchestration engine and automation tools to streamline security incident response, improve efficiency, and reduce manual intervention.

It has helped optimize security costs by consolidating multiple tools into one platform.

We have utilized various integration capabilities within the product, including connectors for third-party tools like Zscaler, Palo Alto, and Tenable.

I rate it an eight out of ten. 

ServiceNow Security Operations is used for threat intelligence and managing issues, offences or incidents. 

The SOAR module of ServiceNow Security Operations is the most valuable feature and it can be managed easily. 

ServiceNow needs to do a better job marketing and selling ServiceNow Security Operations because there is huge competition in the market, especially from products like IBM SOAR. ServiceNow needs to inform potential customers about the value of ServiceNow Security Operations. 

In future versions of ServiceNow Security Operations, the dashboard and playbook creation will need to improve. The product should have a plug-and-play approach. 

I have been working with ServiceNow Security Operations for a year. 

I would rate the stability an eight out of ten. The solution is highly stable, and at our company, we haven't faced any challenges. 

I would rate the scalability a seven out of ten. I have noticed that professionals prefer to scale the solution by integrating with third-party modules of Palo Alto and IBM SOAR instead of using native ServiceNow modules. Most of the customers in our company are medium and large enterprises and almost every customer is using ServiceNow Security Operations. Each client of our organization has more than a thousand users of ServiceNow Security Operations. 

I would rate the technical support a six out of ten. The support team needs to provide solutions faster. 

Neutral

The solution can be setup very easily using the available documentation around ServiceNow Security Operations. In some cases, professionals have faced challenges in integrating the product with other tools. I would rate the initial setup a seven out of ten.

The deployment duration depends on multiple factors, but in my experience, it takes around three to four weeks. The deployment can be completed in two days as well based on the dependencies, but in our company, we faced some issues so it took us longer for the complete deployment of ServiceNow Security Operations. Our company faced minor issues with the firewalls that needed to be opened in various modules. 

I would rate the product's pricing a six out of ten. Compared to competitor tools, ServiceNow Security Operations is more affordable. 

I would rate ServiceNow Security Operations as seven out of ten. I would definitely recommend the product to others, it's a one-stop solution for most requirements.

Before adopting the solution, I would advise others to explore the components of ServiceNow and especially the security component. Most professionals use ServiceNow Security Operations as a ticketing or incident creation tool, but it can also be used as a security tool. 

We use it on a daily basis. We received tickets in ServiceNow. We can connect with the user using the ServiceNow application. 

We can drop an email, use the top bar, create filters, see how many tickets we have, monitor daily usage, track received tickets, and manage follow-ups. We can also manage dependent tickets and the "Accredited Fine."

The "follow" feature is really good. If the user is not responding, there's an option to "follow". Just click on the button, and it will automatically trigger an email to the end user.

In future releases, I would like to add a follow-up and reminder feature. For the tickets in our queue, we could set reminders. This would help us prioritize older tickets before moving on to new ones.

I have been using this solution for three to four months now. 

It's a stable solution. We use it daily.

We have around 500 end users using this solution in our organization. 

The customer service and support have provided me with solutions for troubleshooting issues.

They respond in a timely manner and provide solutions.

Positive

It doesn't require a separate application; it's accessible via a browser. We use it browser-based.

I'd suggest starting with ServiceNow. It's an excellent tool. You can tailor it to your understanding and generate various reports. I'd definitely recommend it.

Overall, I would rate the solution an eight out of ten.

My primary use cases with this solution are focused on automation, particularly integrating security operations with pen-testing tools like Nessus, BurpSuite, and Kali Linux.

The platform has significantly improved my organization by automating process gaps, streamlining tasks such as notifications, and enhancing the workflow. Its SaaS-based cloud solution offers the flexibility to adapt to various organizational needs.

The product's most valuable features include the no-code capability for workflows and flow design, which makes it user-friendly, and the ability to perform advanced configurations. 

One area for improvement for the product is the need to tailor and alter some codes for customization, which can cause issues during upgrades. It does not support customized operations.

I have been using ServiceNow Security Operations for six years now.

The solution's stability has been solid in my experience, with no significant challenges or problems encountered.

As a cloud-based platform, scalability is inherently present. It is well-equipped to handle growth.

The support has been effective in resolving issues when they arise.

The product is more expensive than other solutions like Archer but offers more features, making the pricing justifiable.

I rate ServiceNow Security Operations an eight out of ten.