Identify and Respond to Security Threats Faster with Palo Alto Networks and ServiceNow
Agenda
2 | © 2017 Palo Alto Networks, Inc. Confidential and Proprietary.
• Customer Challenges
• Palo Alto Networks & ServiceNow
• Integration Overview
• Demo
• Call To Action
• References & Q&A
Security Teams are Overwhelmed
• Manual Tools
• Too Many Alerts & No Context
• Limited Staff & Siloed from IT
Security IT
The Core Problem: Missing Critical Incidents
Response - How do we quickly organize and act on the detection noise?
• Consolidate Information
• Understand Business Impact
• Execute Consistent Workflow
• Manage Service Levels
• Auto Remediate
• Capture Metrics
• Enable IT, Security, & BU Collaboration
• Meet Audit and Regulatory Requirements
• SIEM
• Firewall/IPS/IDS
• Identity & Access
• Threat/Intel
• Vulnerability Detection
• Network Security
• Security Endpoint
Detection
Security & IT Teams
Thousands of events per day… people can’t scale to meet the volume
Identify and Respond Faster
• Ability to accelerate threat identification
• Leverage threat visibility to initiate response
• Speed up decision making
• Overlay rich context to empower response teams
• Reduce time to eradicate
• Automated protection deployment
• Reduce attack surface
• Convert unknown threats to known entities
Palo Alto Networks Platform
8 | © 2015, Palo Alto Networks. Confidential and Proprietary.
NETWORK SECURITY
CLOUD-DELIVERED SECURITY SERVICES
ADVANCED ENDPOINT PROTECTION
CLOUD SECURITY
WildFire, Threat Prevention, URL Filtering, AutoFocus, Logging Service, LightCyber, MineMeld
Next-Generation Firewall, GlobalProtect, Traps, Aperture
Cloud-Delivered Security
WildFire
CLOUD-DELIVERED SECURITY SERVICES
AutoFocus/MineMeld
• 15,000 Anti-Malware Protections per Day
• 24,000 URL Protections per Day
• 13,500 DNS Protections per Day
• Protections Delivered Automatically in 5 Minutes
• Rich Forensics and Reporting for Quick, Detailed Investigation
© 2017 ServiceNow All Rights Reserved
ServiceNow System of Action
Secure & Compliant, Scalable, Multi-Instance
Intelligent Automation Engine
BUSINESS APPS, IT, SECURITY, HR, CUSTOMER SERVICE
Workflow, Service Catalog, Knowledge Base, Developer Tools, Contextual Collaboration, Single Database, Service Portal, Subscription & Notification
Performance Forecasting, Predictive Modeling, Orchestration, Reports & Dashboards, Anomaly Detection, Peer Benchmarking
Cloud Services
Now Platform™
Nonstop Cloud
The Need: Enterprise Security Response
ENTERPRISE SECURITY RESPONSE
• Security Incident Response
• Workflow Automation & Orchestration
• Deep IT Integration
• Vulnerability Response
• Threat Intelligence
Security Operations: Security Incident Response
• Integrates with 3rd party threat detection systems and SIEMs
• Prioritize incidents based on business impact
• Enrich incidents with threat intelligence
• Automation and workflows reduce manual tasks
• Improve collaboration between IT, End Users and Security Teams
Palo Alto Networks & ServiceNow
Security Operations Integration
Integration Overview
• Next-Generation Firewall, WildFire, AutoFocus & ServiceNow Security Operations enterprise security response solution
[Diagram labels: Security Incident Response, AutoFocus, WildFire, Firewall]
Integration Example
[Diagram with steps numbered 1 to 3. Labels: Catalyst; Enrichment; Approval & Action; Firewall Block. Components: Next-Generation Firewall, CMDB, AutoFocus, WildFire]
Other Integrations
• Aperture & ServiceNow Apps
• Connects directly to apps for complete visibility and reporting and granular policy enforcement
• NGFW & ServiceNow ITSM
• Basic incident creation
• Streamlined process for responding to incidents with ServiceNow workflows, routing, and communication tools
Call To Action
• Contact your ServiceNow and Palo Alto Networks account managers
• Crawl, Walk, Run approach:
• Send Security Alerts from NGFW to ServiceNow
• Enable enrichment with WildFire and AutoFocus
• Automate your Security Incident Response process with ServiceNow
• Enable remediation actions
• We encourage your feedback
References
• Palo Alto Networks: https://www.paloaltonetworks.com/
• ServiceNow: https://www.servicenow.com/
• AutoFocus: https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus
• WildFire: https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/wildfire
• ServiceNow Security Operations: https://www.servicenow.com/products/security-operations.html
• Integration: https://docs.servicenow.com/bundle/jakarta-security-management/page/product/secops-integration-palo-alto/concept/palo-alto-networks-integration.html