ServiceNow Security Operations Reviews

It's for internal and external security. There are some things that ServiceNow does. It's to do a comparison study. I just turn the numbers over.

We create the SSO catalog packages and such through ServiceNow.

We get an invoice or a statement, and we work off of what the client needs to have. A lot of times, I also go back to the business users and try to derive better requirements as they're not very good at it.

It does not have any good qualities.

The solution is stable.

Technical support has been good. 

You can't connect to anything. You've got to open more windows and know the right thing to ask for. It's a pain.

It doesn't interact with things very well. It takes a long time for them to set up an SSO catalog. It takes a long time for them to pull our security review. That's our pain point. The only thing you can do is, if you have a demand, you can attach a story to it. If someone already created a story, adding it to that demand is difficult. There are a lot of waterfall approaches with ServiceNow.

I've used the solution for the past year.

The solution seems to be stable. There are no bugs or glitches. It doesn't crash. 

I haven't dealt directly with scaling the solution and therefore cannot comment on it. 

We have 2,000 people using the solution.

We have our own tech support. Their support is good as well. They're very strong in the security role.

We used to use Jira. Jira was really good, and somebody knew ServiceNow and changed us to that.

I didn't get involved in the initial setup. That said, I would suppose it's complex due to our needs.

We don't have enough staff to maintain the solution. 

I'm not aware of the exact pricing. It's not an aspect I deal with.

We also work with ServiceNow since they're in-house. Our cab calls and security reviews are all done through ServiceNow. We might set them up in Azure or AWS. However, it still has to clear with ServiceNow.

When things are set up correctly it goes really smooth, however, it's getting there that takes time.

I'd rate the solution seven out of ten. 

We are contracted by a federal organization to lead an engagement to integrate their existing Vulnerability scanner with ServiceNow SecOps Vulnerability Response with their existing ServiceNow ITSM solution.

The use case is to manage scan results from Tenable and help this organization better manage how these vulnerabilities are grouped, prioritized, assigned, processed, monitored and remediated. 

Integration with the existing Request, Incident, Change and Configuration Management processes are key.  Once a vulnerability is remediated, it needs to be confirmed via rescan and closed.  This process informs the system so future remediations are resolved faster and more efficiently.   

The engagement is still under way, but the use cases we are discovering will help automate existing manual processes, streamline processes, and reduce the overall level of effort needed to remediate vulnerabilities.

ServiceNow SecOps applications help organizations in many ways and can be implemented in phases using an agile implementation process focused on delivering value more quickly than the standard SDLC process. As an organization matures its processes, they can incrementally add additional integrations and implement additional functions.  The ServiceNow platform provides tremendous value to organizations that not only want to implement SecOps, but when integrated with IT Service Management, IT Operations Management, Software Asset Management, Governance Risk and Compliance, and into their overall strategy for digital and business transformation.

Forester and Gartner rate ServiceNow products and services with top marks.  For example, refer to "The Total Economic Impact (TEI) of ServiceNow IT Applications" report by Forrester for further details.  There are many other 3rd party reviews by other sources as well such as the following 2 examples:

* 2020 Gartner Magic Quadrant for Software Asset Management Tools Report

* ServiceNow Analyst Report - ServiceNow a VSM Solution Leader - Forrester Wave Value Stream Management Solutions, Q3 2020, 

Given their top ratings, ServiceNow continues to build on the innovative platform by adding depth and breadth to their platform, applications and services.  Just last year, ServiceNow became FedRAMP HIGH certified and helped migrate its customers to a more secure Government Computing Cloud (GCC) platform. 

ServiceNow's releases continues to grow both organically and through acquisition.  With each new release (usually 2 per year), ServiceNow provides customers with additional features, functions, applications and services that enables higher customer ROIs. For example, additional apps/tools are added to the platform (e.g. Integration Hub) which includes pre-built spokes that reduce the level of effort to integrate ServiceNow with other systems.  

In my experience, ServiceNow provides its customers/clients and prospects an excellent platform to modernize processes through pre-built workflows, low-code/no-code platform, custom development platform, and a wide offering of applications in the following suites:  ITSM, ITOM, ITBM, SecOps, GRC and HRSD applications.  

I have been implementing ServiceNow for four years. 

It's very stable.

It is very scalable.

Excellent support

The initial setup was straightforward. It's the people side of stuff that gets complicated.

The analysis you have to put it in with existing processes and the customer needs to adapt and adopt to the out of the box. Sometimes that gets politically challenged because people like to use the systems and processes, they're used to. It's not the technology. It's the impact on their day-to-day.

N/A - we are an implementer

significant

Pricing and licensing will vary according to the client and industry.  For example, some organizations (e.g. universities) have formed consortiums to pool their buying power.  

My advice would be that you have to be ready for the cultural change. ServiceNow offers organizations a great opportunity to transform the way they do things and break down silos for customers, employees, partners, and others.  

Organizations implementing ServiceNow should invest in training their teams and seeking certifications.

We provide knowledge transfer when we implement ServiceNow, but if organizations want to take over O&M, they need to ensure they have qualified, experienced administrators and developers.  

I would rate ServiceNow a nine and a half out of ten.

We are a solution provider and ServiceNow is one of the products that we implement for our clients. Of the different ServiceNow modules, we are familiar with several, including Security Operations.

ServiceNow integrates with the helpdesk and our clients use it to manage their tickets. It is also used to keep track of security incidents and run periodic scans.  

My favorite feature is the application vulnerability scanner.

The threat intelligence module needs a better dashboard.

Having a single, unified dashboard that gives me a 360-degree view of all of the modules would be very useful.

I have not noticed any issues with stability.

Scalability has not been a problem.

The technical support is very good.

I have not personally deployed this product but from the feedback that I have heard, my understanding is that it is pretty easy.

This product is a good value for the money.

This is a product that I recommend, although I would advise consulting with them before beginning the implementation.

I would rate this solution a nine out of ten.

The solution is available over the cloud and is easy to manage.

A customer doesn't require much hardware infrastructure. There's virtual infrastructure on the cloud. Compared to in-house solutions and the maintenance required, it's quite good.

The solution needs to make customization easier. You cannot do much customization immediately. It requires an extensive workload. If the customization process was user-friendly, it would be much better.

I've been using the solution for two years.

The stability is okay, but it depends on the performance and how the user is interacting with the user login and the latency. 

Scalability has to be designed and decided before implementation. It depends on how much infrastructure the client wants to invest in and their future plans. These have to be taken into consideration prior to implementation so that the sizing will be correct.

Technical support is okay, but it takes a while to get issues resolved after submitting them or to get them to the next level because the initial support level isn't so technical in their knowledge.

The initial setup has a moderate level of difficulty. It's not simple, but it's not overly complex.

We're a consulting firm; we're experienced with the solution, so for us, setups are pretty straightforward and we handle them for the client.

The pricing in the industry is competitive. There are multiple vendors with the same enterprise-level solutions. Initially, the pricing was okay, but we can see they are starting to increase their pricing, however, in comparison to other effective solutions, it's fine. There may be other costs above the licensing fee as well.

We use the on-premises deployment model.

I'd rate the solution nine out of ten. It would help to offer global infrastructure monitoring. It doesn't give much visibility on the satellite or other infrastructure monitoring such as monitoring of servers, and applications, etc.

Deployment to customers looking to vastly reduce security incident response time and have an auditable trail of the post-mortem analysis on security incidents.

Reduces time to closure and closure metrics for vulnerabilities.

It has deployed a process framework to support a commonly unstructured security operations team.

Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence.

Process framework and best practices for ease of integration between IT and security teams via incident, problem, and change.

Definitely a slick solution based on the ServiceNow platform. It is easy to learn, deploy, and administer. A good array of integration options to the most popular security discovery tools, and integration with the rest of the ServiceNow platform provides huge benefits.