ServiceNow, Microsoft Set to Deliver Broad SecOps Integration

Microsoft’s Azure Sentinel, TVM, Teams and SharePoint will integrate with ServiceNow’s Security Operations Suite.

Jeffrey Schwartz

May 24, 2021

Longtime alliance partners ServiceNow and Microsoft are tying their respective security operations offerings together with Teams and SharePoint. The native integration, revealed last week, aims to make it easier for SecOps teams to detect and respond to incidents.

ServiceNow and Microsoft are far along in their development efforts, so expect the first deliverables to roll out next month. The integrations will feed Microsoft’s Azure Sentinel and Microsoft Threat & Vulnerability Management (TVM) into ServiceNow’s Security Operations Solution Suite. The plan also calls for integrating Teams and SharePoint. ServiceNow announced the SecOps integrations during its Knowledge conference, held virtually this year.

The ServiceNow SecOps offerings break down into two core functions: proactive workflow and automation for managing attacks and reactive detection. For reactive remediation, Microsoft’s Azure Sentinel, integrated with ServiceNow Security Incident Response (SIR), promises to provide more rapid remediation.

Azure Sentinel is Microsoft’s new cloud-hosted and managed security information and event management (SIEM) solution. ServiceNow’s SIR has integrations with other SIEMs, but more and more organizations have adopted Azure Sentinel since its Fall 2019 release.


“We are definitely seeing a fair amount of interest in it from our customer base, which is one of the reasons why we’re going very heavily in investing and making sure that we have very tight integration in collaboration with Microsoft,” said Lou Fiorello, general manager of ServiceNow’s security products business.

As threat and anomaly data from Azure Sentinel feeds into ServiceNow SIR, MSSPs and enterprise security experts can run it through the ServiceNow automated workflows. Edgile, a Microsoft and ServiceNow partner, had early access to the ServiceNow and Microsoft security integrations.

“It allows folks to use the ServiceNow platform to prioritize and help them see the forest from the trees, because there’s so much stuff going on with these scanners and these tools that are being brought in,” said Brian Rizman, who oversees Edgile’s Integrated Risk Management (IRM)/Governance Risk and Compliance (GRC) practice.

Microsoft Teams and SharePoint Integration

Fiorello said ServiceNow will release in beta an incident management feature built on the integration of Microsoft Teams and SharePoint. Information and alerts will surface in Teams, while SharePoint will provide the file repository and file control, he said.

Adding Teams to ServiceNow Incident Management builds on the ITSM integration with Teams that the companies announced last year. Edgile’s Rizman said the Teams-SharePoint integration with ServiceNow Incident Management promises to make security operations management easier.

“If you could have Teams become the way to trigger, manage, adjudicate and triage security incidents or compliance incidents, that would make your job a much more seamless experience,” Rizman said. “Then the ability to do the artifacting and evidence collection, and being able to store those and spin those up in SharePoint environments, I think will be fantastic as well because those are the natural places that people are doing that work already.”

The integration of Microsoft’s TVM with ServiceNow’s Vulnerability Response focuses on proactive prevention against attacks.

“The TVM integration is being plugged into the proactive side of the portfolio, detecting vulnerabilities, and then providing the visibility and workflow around response, connecting security to IT from ServiceNow,” Fiorello said.

The ServiceNow integration with TVM and Azure Sentinel will be generally available next month. ServiceNow will release the betas of its Teams and SharePoint integrations.

About the Author(s)

Jeffrey Schwartz

Jeffrey Schwartz has covered the IT industry for nearly three decades, most recently as editor-in-chief of Redmond magazine and executive editor of Redmond Channel Partner. Prior to that, he held various editing and writing roles at CommunicationsWeek, InternetWeek and VARBusiness (now CRN) magazines, among other publications.
