This is the fourth and final part of our IT Security Operations series and first look into this new functionality within ServiceNow's Jakarta upgrade, if you have missed the previous blogs click here.
With the Trusted Circles subscription, each organization’s ServiceNow instance possesses the ability to share the latest observed threat intelligence information (e.g. suspicious activity observed on their network) and maintain up-to-date awareness of currently trending threats that have been witnessed and shared by others in the organization.
This capability is achieved by communicating shared threat information via a central trusted circles ServiceNow instance. Each organization has what’s known as their own unique ‘profile’ which governs what information they are willing to share and whom with; whether this is trusted peers only or posted anonymously to all other trusted circle subscribed ServiceNow customers.
I can see this may especially benefit government organizations, who provide essential public facing web services. If such an organization is using ServiceNow and receiving live event data from multiple SIEM tools e.g. NIDS, HIDS and a DDoS protection device; e.g. Arbors APS and deep-dive network forensics tool - Arbor Spectrum; these would enable any observed offensive network activity to be shared at the customer’s discretion.
Lastly … Have any concerns?
How secure is my data on the cloud? Not to worry, ServiceNow offers best-in-class methods to keep your data secure; offering multiple secure methods for user authentication, data access-control, secure VPN access, EDGE data encryption, IP Access-lists for restricting comms to specific IP endpoints, even On-premise installations and many more security features are available.
I can’t do this all at once! Do not worry, we are here to help you - you can incrementally roll-out support for new capabilities using the AGILE/SCRUM approach – all of our accredited ServiceNow consultants are well versed with this methodology and can merrily implement your requirements as stories according to your production timeline. It is not unusual for ServiceNow to provide customers with a Dev, Test and Production instance that permits new changes to be implemented, tested, rolled-out and rolled-back in a controlled manner.
This was the final of our IT Security Operations instalments; if you have any questions in relation to this series or wish to find out more about us, feel free to contact us using the contact details below.