Automate all your security tools and work seamlessly with IT

With Security Operations, realize the full value of your Now Platform® solution. Many organizations struggle with identifying security threats and vulnerabilities, prioritizing them, and coordinating with IT to remediate them. Using Security Operations, security analysts and vulnerability managers can seamlessly automate their security tools and communicate with IT by working in a unified platform.

View and download the full infocard for a highlight of Security Operations features.

	Identify, prioritize, and remediate vulnerabilities in software, operating systems, and assets The ServiceNow® Vulnerability Response application helps organizations identify and respond quickly and efficiently to vulnerabilities. Scan data from leading vendors to give your teams a single platform for response that can be shared between security and IT to resolve vulnerabilities.
	Identify, prioritize, and remediate critical security incidents The ServiceNow® Security Incident Response application simplifies the process of identifying critical incidents by applying powerful workflow and automation tools that speed up remediation.
	Identify, prioritize, and remediate misconfigured assets The ServiceNow® Configuration Compliance application prioritizes and remediates misconfigured assets using data gathered from third-party security configuration assessment scans.
	Access your company's Structured Threat Information Expression (STIX) data The ServiceNow® Threat Intelligence application helps incident responders find Indicators of Compromise (IoC) and hunt for low-lying attacks and threats. The results are reported directly to security incidents.
	Access Security Operations with your mobile device Access the Vulnerability Response and Security Incident Response applications on your Now Platform instance with your Android or iOS mobile device. As a remediation owner or security analyst, manage security incidents and vulnerability groups so that you can begin remediation without being tied to your desktop.

Identify, prioritize, and remediate vulnerabilities in software, operating systems, and assets

The Vulnerability Response application imports and automatically groups vulnerable items according to group rules enabling you to remediate vulnerabilities quickly. Vulnerability data is pulled from internal and external sources, such as the National Vulnerability Database (NVD) or third-party integrations. Compare vulnerability data pulled from internal and external sources. For any vulnerable items, create change requests and security incidents using vulnerability groups to remediate issues and mitigate risk.

Identify, prioritize, and remediate critical security incidents

With the Security Incident Response (SIR) application, integrate your existing Security Information and Event Manager (SIEM) tools with Security Operations applications to import threat data (via APIs or email alerts), and automatically create prioritized security incidents. Manage the life cycle of your security incidents from initial analysis to containment, eradication, and recovery. The Security Incident Response application enables you to get a comprehensive understanding of incident response procedures performed by your analysts, and understand trends and bottlenecks in those procedures with analytic-driven dashboards and reporting.

Identify, prioritize, and remediate misconfigured assets

With the Configuration Compliance application, use test results obtained from third-party Strong Customer Authentication (SCA) integrations to verify compliance with security or corporate policies. This application uses the assets listed on the ServiceNow® Configuration Management Database (CMDB) to determine which items are most critical. Workflows and automation enable quick action against individual assets or groups for bulk changes. Identify and remediate non-compliant configuration items. Automatically import policies, tests, authoritative sources, and technologies and assign test results to groups or individuals for remediation.

Access your company's Structured Threat Information Expression (STIX) data.

Use the Threat Intelligence application to automatically search threat feeds for relevant information when an IoC is connected to a security incident and can send IoCs to third-party sources for additional analysis. The Threat Intelligence application uses Structured Threat Information Expression (STIX) as a language to describe cyber threat information in a standardized and structured manner.

Mobile experience for Security Operations

Access the Vulnerability Response and Security Incident Response applications on your Now Platform instance with your Android or iOS mobile device.

Get started

• For an overview about Security Operations in your Now Platform instance, see Understanding Security Operations.
• For information about all the Security Operations applications available for download from the ServiceNow Store, see Security Operations and the ServiceNow Store.