Coming October 25: PeerSpot Awards will be announced! Learn more

ServiceNow Security Operations OverviewUNIXBusinessApplication

ServiceNow Security Operations is #2 ranked solution in top Security Incident Response tools and #6 ranked solution in SOAR tools. PeerSpot users give ServiceNow Security Operations an average rating of 8.0 out of 10. ServiceNow Security Operations is most commonly compared to Splunk Phantom: ServiceNow Security Operations vs Splunk Phantom. ServiceNow Security Operations is popular among the large enterprise segment, accounting for 74% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 22% of all views.
Buyer's Guide

Download the Security Incident Response Buyer's Guide including reviews and more. Updated: September 2022

What is ServiceNow Security Operations?

ServiceNow Security Operations is an Enterprise Security Response engine offering security incident response, vulnerability response, and threat intelligence. It’s built on the intelligent workflows, automation, orchestration, and deep connection with IT of the ServiceNow platform.

ServiceNow Security Operations Customers

DXC Technology, Freedom Security Alliance, Prime Therapeutics, Seton Hall University, York Risk Services

ServiceNow Security Operations Video

ServiceNow Security Operations Pricing Advice

What users are saying about ServiceNow Security Operations pricing:
  • "The solution is more expensive than BMC Remedy, the other ITSM tool available in the market."
  • "If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that."
  • ServiceNow Security Operations Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Tarun Singh - PeerSpot reviewer
    Manager Project Management at HCL Technologies
    Real User
    Top 5
    Takes care of problem management but does require more features
    Pros and Cons
    • "ServiceNow Security Operations also takes care of GRC, governance, risk and compliance, enabling it to provide risk assessment."
    • "The product is called SecOps, but it is not security operations in terms of SIEM solutions."

    What is our primary use case?

    I am a security architect. I construct the solutions. ServiceNow Security Operations is on-premises, however, it's a hybrid model where you can have a public cloud also working in tandem with your on-site deployment.

    The main use case is SecOps or security operations. ServiceNow Security is a two-way ticketing model that gets integrated with Splunk, for example. Splunk will provide two-way integration into the service management process. You have Splunk on one end and ServiceNow on the other end. The tickets will be integrated between the two and be either manually or automatically created. The tickets can be initiated from either platform and automatically or manually pushed as well.

    What is most valuable?

    I like that you can also work the solution together as a hybrid modern service for your customers. At the backend, you can make the solution any way you would like, whether it is purely on-premises or a hybrid model. You can offer it as a service to your clients.

    The most valuable features are service management and case management. It also takes care of problem management. ServiceNow Security Operations also takes care of GRC, governance, risk, and compliance, enabling it to provide risk assessment.

    What needs improvement?

    The product of ServiceNow Security Operations needs more features. The product is called SecOps, but it is not security operations in terms of SIEM solutions. It is not proven as a SOAR solution, security orchestration, or automation solution. It is a solution that can provide integration and some pieces of service management, change management, problem management, and GRC. Other pieces are required to complete the whole ecosystem, like security monitoring or orchestration automation. I don't believe ServiceNow Security has the capability or the desire to provide the whole ecosystem.

    For how long have I used the solution?

    I have been working with ServiceNow Security for 10 years.

    Buyer's Guide
    Security Incident Response
    September 2022
    Find out what your peers are saying about ServiceNow, IBM, Proofpoint and others in Security Incident Response. Updated: September 2022.
    636,406 professionals have used our research since 2012.

    What do I think about the stability of the solution?

    ServiceNow Security Operations is stable. It has been on the market for three decades. Particularly products like ITSM are stable.

    What do I think about the scalability of the solution?

    The solution is scalable. This is primarily due to the ITSM tools. The actual security monitoring or security orchestration automation is done by other products like Splunk, LogRhythm, or QRadar to provide a holistic solution.

    We have many engineers in the ServiceNow space. There are approximately 450 people who are dedicated to working on this, and we can ramp up quickly.

    How are customer service and support?

    Customer service and support of ServiceNow Security would be rated a four out of five. They have good knowledge of their product, however, they lack knowledge about integrations with security point solutions. Their knowledge lacks if you are asking questions about SOAR or how SIEM works hand in hand with ServiceNow as an ITSM solution. 

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    The initial setup of ServiceNow Security Operations is easy. It does not take too much time. It is a mature service management product. It is out-of-box integration for almost all the leading SIEM tools as well as SOC platforms. The setup is straightforward. 

    It does depend on the use cases that need to be developed. Sometimes there are out-of-the-box use cases that can be integrated directly. Sometimes you might have certain applications which require you to make new use cases or have some integrations that are not available out of the box. In these cases, for custom integrations, you might have to do customer development, which would take a bit longer.

    For a medium-sized deployment, it should not take more than two and a half months or eight to ten weeks. You would need a small team of approximately seven people to support that, depending on the operating window you are supporting.

    What was our ROI?

    The ROI from ServiceNow Security Operations is flat due to the high cost. If you go for the purely cloud-based model, you might get more efficiency. 

    What's my experience with pricing, setup cost, and licensing?

    The solution is more expensive than BMC Remedy, the other ITSM tool available in the market. ServiceNow can charge a higher price because they have a monopoly in the ITSM domain. From a security point of view, the company promotes their security products and prices them lower than IBM or Splunk and then they bundle them with their ITSM suite to provide a holistic solution that a customer can get value from. However, on ITSM alone, they are not competitive. 

    Their license is on a yearly subscription base. It is based on the number of subscribers and users. The price is determined by the number of people who will work on the platform and the number of people that will configure the platform and make the processes on it. 

    What other advice do I have?

    I would rate this solution a seven out of ten overall.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer:
    Flag as inappropriate
    PeerSpot user
    Director Delivery and ServiceNow Practice Lead at a computer software company with 51-200 employees
    Real User
    Top 5
    Streamlines processes, collects data, and allows you to manage the solution through dashboards
    Pros and Cons
    • "It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities."
    • "There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution."

    What is our primary use case?

    It's deployed on the ServiceNow-hosted GCC.

    How has it helped my organization?

    It streamlines processes. It collects data. It takes data and turns it into information. It allows you to manage through dashboards and work lists. It just improves every facet of the overall process.

    What is most valuable?

    It gives you the ability to bring data into the system. The workflows are out of the box, and it gives you the ability to auto-assign the incidents based on criteria and vulnerabilities. It gives you integration with the overall ITSM, platform workflows, notifications, ability to track SLAs, KPIs, reports, and transparency.

    What needs improvement?

    There are limitations for the third-parties that are providing the inputs. They should increase the robustness of the solution.

    For how long have I used the solution?

    I've been using this solution for two years.

    What do I think about the stability of the solution?

    It's very stable as long as it's configured and implemented properly.

    What do I think about the scalability of the solution?

    It's absolutely scalable. We were working on one of the largest implementations in the world.

    How are customer service and support?

    I would rate their technical support 5 out of 5.

    How was the initial setup?

    I would rate setup 4 out of 5. It could be simpler.

    Our implementation plan just depends. We use an agile process and we do iterative development and let people try and see how it works in the organization and then tweak it. That was the approach, on a spectrum of incremental improvement or continuous improvement.

    The amount of staff needed for deployment and maintenance depends on the scale of what you're rolling out. You could implement it with three people, or you could implement it with a team of five or six. It depends on how you want to support it.

    What's my experience with pricing, setup cost, and licensing?

    It depends on the number of assets. SecOps is a suite of applications comprised of vulnerability response, security incident response, configuration compliance, threat intelligence, and data loss prevention. I'm only talking about the vulnerability response.

    If you're going to implement it on your own, there would be internal costs. If you're going to implement it through a contractor or consultant, you have to pay for that. Then you have to do the maintenance of two platform upgrades a year and enhancements. Those are services you need to think about when you're going to implement this.

    What other advice do I have?

    I would rate this solution 10 out of 10. 

    There's a change management perspective to it. Make sure you have your resources lined up, that you have executive sponsorship, and that your organization is ready for using the ServiceNow platform and implementing the application. You need to build a foundation, and then you need continuous improvement. You get a return on investment very quickly if you can remediate vulnerabilities quickly.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Security Incident Response
    September 2022
    Find out what your peers are saying about ServiceNow, IBM, Proofpoint and others in Security Incident Response. Updated: September 2022.
    636,406 professionals have used our research since 2012.
    Information Architect with 201-500 employees
    Real User
    Top 20
    Stable with good support but connections are not easy
    Pros and Cons
    • "The solution is stable."
    • "It doesn't interact with things very well."

    What is our primary use case?

    It's for internal and external security. There are some things that ServiceNow does. It's to do a comparison study. I just turn the numbers over.

    We create the SSO catalog packages and such through ServiceNow.

    We get an invoice or a statement, and we work off of what the client needs to have. A lot of times, I also go back to the business users and try to derive better requirements as they're not very good at it.

    What is most valuable?

    It does not have any good qualities.

    The solution is stable.

    Technical support has been good. 

    What needs improvement?

    You can't connect to anything. You've got to open more windows and know the right thing to ask for. It's a pain.

    It doesn't interact with things very well. It takes a long time for them to set up an SSO catalog. It takes a long time for them to pull our security review. That's our pain point. The only thing you can do is, if you have a demand, you can attach a story to it. If someone already created a story, adding it to that demand is difficult. There are a lot of waterfall approaches with ServiceNow.

    For how long have I used the solution?

    I've used the solution for the past year.

    What do I think about the stability of the solution?

    The solution seems to be stable. There are no bugs or glitches. It doesn't crash. 

    What do I think about the scalability of the solution?

    I haven't dealt directly with scaling the solution and therefore cannot comment on it. 

    We have 2,000 people using the solution.

    How are customer service and support?

    We have our own tech support. Their support is good as well. They're very strong in the security role.

    Which solution did I use previously and why did I switch?

    We used to use Jira. Jira was really good, and somebody knew ServiceNow and changed us to that.

    How was the initial setup?

    I didn't get involved in the initial setup. That said, I would suppose it's complex due to our needs.

    We don't have enough staff to maintain the solution. 

    What's my experience with pricing, setup cost, and licensing?

    I'm not aware of the exact pricing. It's not an aspect I deal with.

    What other advice do I have?

    We also work with ServiceNow since they're in-house. Our cab calls and security reviews are all done through ServiceNow. We might set them up in Azure or AWS. However, it still has to clear with ServiceNow.

    When things are set up correctly it goes really smooth, however, it's getting there that takes time.

    I'd rate the solution seven out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Download our free Security Incident Response Report and find out what your peers are saying about ServiceNow, IBM, Proofpoint, and more!
    Updated: September 2022
    Buyer's Guide
    Download our free Security Incident Response Report and find out what your peers are saying about ServiceNow, IBM, Proofpoint, and more!