New Netskope App for ServiceNow Security Incident Response



Enterprise security teams today face immense pressure, from everyday incident response scenarios to the increased volume of alerts generated by disparate legacy security tools that limit both IT and security teams. What’s more, Security Operations (SecOps) and Incident Response (IR) teams lack the ability to do more than Block or Allow with their legacy secure web gateways. This friction limits how effectively security teams can respond to a user request. That’s why, together with ServiceNow, the new Netskope App for ServiceNow Security Incident Response (SIR) can provide greater incident management automation and reduce alert fatigue and overall operational costs for joint Netskope + ServiceNow customers.

 

The new Netskope App for ServiceNow SIR is now exclusively available at the ServiceNow Store.

 


 

The new Netskope App for ServiceNow modernizes threat and data protection workflows for SecOps and IR teams by offering more productive security outcomes for administrators, such as real-time user coaching, which promotes better behaviors and resiliency when responding to incidents and alerts generated by Netskope, all within the ServiceNow admin dashboard.

 

By leveraging Netskope’s patented capabilities to understand and differentiate the context around user engagement with the Internet, the Netskope App for ServiceNow facilitates a number of workflows to automatically create, manage, and respond to events and incidents. As a result, users remain engaged and productive with the business tools they would otherwise be blocked from using, all while reducing the friction between IT departments and the volume of tickets generated by users.

 

 

Who is this for?

  • Security operations administrators
  • Incident response teams

Security and business outcomes

  • Investigate and reduce time-to-respond to incidents and alerts through ticketing automation and enrichment informed by Netskope
  • Manage threats or data protection events with Netskope data directly from the ServiceNow dashboard, thereby reducing alert fatigue and operational costs from time spent toggling between multiple interfaces
  • Provide user coaching in real time over email while handling IT service management for any user triggering any type of alert, providing more choices for outcomes, beyond simple allow or block decisions
  • Offer immediate lookups for SaaS application data protection posture for over 80,000 applications

 

 

Integration Technical Brief

  1. Fetch all alerts (except DLP) from a Netskope tenant and create a Security Incident
  2. Retrieve application scores from Netskope
  3. Retrieve UCI scores from Netskope and map them to corresponding ServiceNow users if applicable
  4. Fetch and update the URL category list, and maintain all the changes via change request
  5. Update multiple hashes back to the Netskope file list
  6. Request a sandbox scan of a malicious .exe file and generate a report for it

The integration places the necessary details from incidents/alerts into the IT and SecOps admins’ hands to enforce and enable users based on correlated and investigated findings in ServiceNow.

 

Netskope + ServiceNow Integration Matrix

In case you missed it, customers today have three options for working with Netskope and ServiceNow. Below, we have a matrix that showcases when each may be relevant to your security needs.

 

  • Netskope Cloud Ticket Orchestrator (CTO): If a customer wants DLP incidents and they do not have the DLP module, CTO will allow them to work with the logs either within ITSM or SIR response tables.
  • Netskope App for ServiceNow: Supports sharing of all alerts (except DLP), Application Risk Score, UCI, Sandbox Scan, URLs and hashes, all via one integration from ServiceNow.
  • DLP Incident Response (IR): Works only with DLP incidents. Consolidates DLP findings from multiple products. Currently it doesn’t update the DLP incident back to Netskope.

 

Please contact your ServiceNow sales team to request DLP incident support using the Netskope app for DLP IR written by and supported by ServiceNow.

 

Resources

  • For a complete guide on the SIR integration, please refer to the following documentation here
  • Netskope App for ServiceNow SIR - technical post
