ServiceNow delivers new security integrations with Microsoft

ServiceNow, Business, ServiceNow delivers new security integrations with Microsoft

ServiceNow has announced new strategic Security Operations-focused integrations with Microsoft, extending the two companies existing partnership.

The announcement was made at Knowledge 2021, ServiceNow’s flagship digital experience for its customers, partners, and developer community. New integrations with the ServiceNow Security Operations Solution Suite include Microsoft Azure Sentinel, Microsoft Threat & Vulnerability Management, Microsoft Teams, and Microsoft SharePoint. These integrations will help security operations teams make smarter decisions across security planning, management, and incident response. 

The last year has seen an alarming increase in cyberattacks aimed at major corporations, governments, and critical infrastructure during COVID-19. Disparate standalone security solutions have proven ineffective at assisting security operations teams to effectively detect, investigate, and respond to this increased volume of security threats. This not only wastes time and resources but can also fuel incidents to evolve into full-scale breaches. 

According to Gartner, “The threat and attack surface that Security Operations must address continues to grow as businesses expand their use of cloud services like SaaS and cloud infrastructure and platform services, as OT/industrial control system (ICS) environments become more connected, and as workers are more distributed.” With one platform, one data model, and one architecture, the Now Platform is breaking down silos created by solutions that weren’t designed to work together, and the new Security Operations integrations with Microsoft take this a step further.  

“Nearly 80 percent of the Fortune 500 rely on ServiceNow’s ‘platform of platforms’,” said Lou Fiorello, VP & GM of Security Products, ServiceNow. “More and more, customers are seeing the value of running security operations processes on the platform, leveraging enterprise business context, and automating workflows across the enterprise in real-time.  The powerful new integrations announced today ties Microsoft’s security products into the ServiceNow Security Operations ecosystem, helping security teams gain the context needed to prioritize and act on security incidents faster and more efficiently than ever.” 

“In an increasingly hostile world, the only real competition is the bad actors and nation state adversaries,” said Eric Doerr, VP Cloud Security at Microsoft Corp. “Our integrations with Microsoft Security Solutions and ServiceNow Security Operations products enables customers to gain system-wide visibility, automate security workflows, and respond rapidly to incidents to build a safer and more secure world for all.” 

Making smarter decisions across security planning, management, and incident response  

As organizations settle into hybrid work, they can save millions of dollars with fully deployed and automated security solutions. For example, one healthcare organization with experience using ServiceNow Security Operations experienced a three-year benefit of $2.4 million. Integrating Microsoft Azure Sentinel with ServiceNow Security Incident Response (SIR) puts this into practice by facilitating automated knowledge and evidence sharing to catch security incidents early and prevent them from impacting customers.  

The entire process across investigation, management, and response is simplified by deploying central platforms for detection and response, reducing the burden on the security operations teams, and potential errors by automating and orchestrating end-to-end incident response workflows. This approach provides critical information and context through an enhanced view of an organization’s security posture for security operations teams to accelerate the investigation of security threats and reduce overall response times.  

“With COVID accelerating movement to the cloud, we’ve seen Microsoft Azure Sentinel take off with customers in all industries who need a cloud-native SIEM to enable their remote workforce while improving their security posture,” said Brian Rizman, Partner – Risk and Security Practice, Edgile. “Our customers see ServiceNow Security Incident Response as a strategic platform that enables a scalable data and workflow bridge to security, risk and IT tools. As a longtime partner of both Microsoft and ServiceNow, we see better operational resiliency and greater cost savings when these two worlds are integrated.” 

Other ServiceNow Security Operations integrations with Microsoft announced today include:  

  • Microsoft Teams integration with Major Security Incident Management (a feature of ServiceNow Security Incident Response)thatstreamlines and improves collaboration on critical security incidents through automated setup of dedicated Teams channels and sharing of collaboration and chat activities to the major security incident case record to maintain transparency of communications. 
  • SharePoint integration with Major Security Incident Management (a feature of ServiceNow Security Incident Response) centralizes the evidence gathered by teams during critical security incidents by automating the creation of SharePoint folder structures. The artefacts created by the different incident response groups are consolidated for visibility in the major security incident case record. 
  • Microsoft Threat & Vulnerability Management integration with ServiceNow Vulnerability Response takes in asset information, vulnerabilities, and recommendations by prioritizing vulnerabilities using asset and business context and driving remediation workflows. Remediation owners are able to action the highest risk items using pre-populated solution details to improve the security posture of an organization.  


General availability of Azure Sentinel and Microsoft Threat & Vulnerability Management integrations is expected to start June 2021. Limited availability of Microsoft Teams and SharePoint integrations is expected in June 2021, with general availability planned later in the year. 

Additional information: 

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

How to defend against Active Directory attacks that leave no...

Amber Donovan-Stevens • 16th September 2021

Cybercriminals are using new tactics and techniques to gain access to Active Directory in novel ways, making their attacks even more dangerous—and more necessary to detect. This article will explore a few types of attacks have been seen in the wild that leave no discernable trail or, at least, any evidence of malicious activity, explains...

8th worst in Europe: Cybersecurity for UK business

Amber Donovan-Stevens • 10th September 2021

In the article, Hayley Kershaw, AdvanceFirst Technologies, analyses the data from recent research to identify successful cybersecurity practices from countries achieving the top-ranking and how, with the UK’s commitment to cybersecurity, businesses can improve.

Join our webinar on 28th September: How the digital nomad generation influences business behaviour