Identify and Respond to Security Threats Faster with Palo Alto Networks and ServiceNow

Upload: servicenow

Post on 21-Jan-2018

Category: Technology


TRANSCRIPT

Identify and Respond to Security Threats Faster

Agenda

2 | © 2017 Palo Alto Networks, Inc. Confidential and Proprietary.

• Customer Challenges

• Palo Alto Networks & ServiceNow

• Integration Overview

• Demo

• Call To Action

• References & Q&A

Security Teams are Overwhelmed

Manual Tools

Too Many Alerts & No Context

Limited Staff & Siloed from IT

Security IT

The Core Problem: Missing Critical Incidents

Response - How do we quickly organize and act on the detection noise?

• Consolidate Information

• Understand Business Impact

• Execute Consistent Workflow

• Manage Service Levels

• Auto Remediate

• Capture Metrics

• Enable IT, Security, & BU Collaboration

• Meet Audit and Regulatory Requirements

• SIEM

• Firewall/IPS/IDS

• Identity & Access

• Threat/Intel

• Vulnerability Detection

• Network Security

• Security Endpoint

Detection

Security & IT Teams

Thousands of events per day… people can’t scale to meet the volume

The Wrong Tools Are Being Used for Response

Identify and Respond Faster

• Ability to accelerate threat identification

• Leverage threat visibility to initiate response

• Speed up decision making

• Overlay rich context to empower response teams

• Reduce time to eradicate

• Automated protection deployment

• Reduce attack surface

• Convert unknown threats to known entities

Palo Alto Networks

Palo Alto Networks Platform

8 | © 2015, Palo Alto Networks. Confidential and Proprietary.

NETWORK SECURITY

CLOUD-DELIVERED SECURITY SERVICES

ADVANCED ENDPOINT PROTECTION

CLOUD SECURITY

WildFire, Threat Prevention, URL Filtering, AutoFocus, Logging Service, LightCyber, MineMeld

Next-Generation Firewall, GlobalProtect, Traps, Aperture

Cloud-Delivered Security

WildFire

CLOUD-DELIVERED SECURITY SERVICES

AutoFocus/MineMeld

15,000 Anti-Malware Protections per Day

24,000 URL Protections per Day

13,500 DNS Protections per Day

Protections Delivered Automatically in 5 Minutes

Rich Forensics and Reporting for Quick, Detailed Investigation

ServiceNow

© 2017 ServiceNow All Rights Reserved

ServiceNow System of Action

Secure & Compliant, Scalable, Multi-Instance

Intelligent Automation Engine

BUSINESS APPS, IT, SECURITY, HR, CUSTOMER SERVICE

Workflow, Service Catalog, Knowledge Base, Developer Tools, Contextual Collaboration, Single Database, Service Portal, Subscription & Notification, Performance Forecasting, Predictive Modeling, Orchestration, Reports & Dashboards, Anomaly Detection, Peer Benchmarking

Cloud Services

Now Platform™

Nonstop Cloud

The Need: Enterprise Security Response

ENTERPRISE SECURITY RESPONSE

Security Incident Response

Workflow Automation & Orchestration

Deep IT Integration

Vulnerability Response

Threat Intelligence

Security Operations: Security Incident Response

• Integrates with 3rd party threat detection systems and SIEMs

• Prioritize incidents based on business impact

• Enrich incidents with threat intelligence

• Automation and workflows reduce manual tasks

• Improve collaboration between IT, End Users and Security Teams

Security Incident Response

Palo Alto Networks & ServiceNow

Security Operations Integration

Integration Overview

• Next-Generation Firewall, WildFire, AutoFocus & ServiceNow Security Operations enterprise security response solution

Security Incident Response, AutoFocus, WildFire, Firewall

Integration Example

[Diagram with numbered steps 1 to 3; labels: Catalyst, Enrichment, Approval & Action, Firewall Block, CMDB, AutoFocus, WildFire, Next-Generation Firewall]

Other Integrations

• Aperture & ServiceNow Apps

• Connects directly to apps for complete visibility and reporting and granular policy enforcement

• NGFW & ServiceNow ITSM

• Basic incident creation

• Streamlined process for responding to incidents with ServiceNow workflows, routing, and communication tools

Demo

Call To Action

• Contact your ServiceNow and Palo Alto Networks account managers

• Crawl, Walk, Run approach:

• Send Security Alerts from NGFW to ServiceNow

• Enable enrichment with WildFire and AutoFocus

• Automate your Security Incident Response process with ServiceNow

• Enable remediation actions

• We encourage your feedback

References

• Palo Alto Networks: https://www.paloaltonetworks.com/

• ServiceNow: https://www.servicenow.com/

• AutoFocus: https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/autofocus

• WildFire: https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/wildfire

• ServiceNow Security Operations: https://www.servicenow.com/products/security-operations.html

• Integration: https://docs.servicenow.com/bundle/jakarta-security-management/page/product/secops-integration-palo-alto/concept/palo-alto-networks-integration.html

Q&A