Check Point Integration with ServiceNow SecOps

Automating Cyber Threat Response using ServiceNow SecOps for Check Point Next-Gen Threat Prevention Firewall

Executive Summary

Responding to threats manually across a diverse set of security products leaves the security analyst to correlate heaps of information before acting on potential threats. The Check Point next-gen Threat Prevention Firewall closed this security gap by preventing and responding to threats through seamless integration with ServiceNow SecOps.

Services
  • Engineering Services
  • Enterprise Integrations
  • Managed ITSM
  • Managed SIEM
  • Managed SoC
  • Software Development
Technology and Platform
  • ServiceNow Platform

About Client

Check Point Software Technologies Ltd. is a multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security, and security management.

Business Challenge

Check Point wanted to develop a ServiceNow application for Next Generation Threat Prevention integration for the Security Operations team. The company wanted to enable enterprise security analysts to block malicious IP addresses, URLs, and domains using Block Request List capabilities within ServiceNow Security Incident Response.

Client Solution

The Check Point ServiceNow application integrates with Security Operations, allowing security analysts to create Check Point Block List entries from observables determined to be malicious in ServiceNow security incidents. The main features of the integration include:

  • Flexibility to create multiple Block Lists that apply to multiple Check Point Gateways.
  • Detailed reporting on the types of sites being blocked (phishing, malware, and whitelisted sites).
  • Tagging of Now Platform security incidents with Block List entries by the observable type (URL, domain, IP address).
  • Configuring Block List expiration periods to maintain Block List size by automatically expiring or removing older entries.
  • Searching Block List entries between different Block Lists.
  • Linking Block List entries to observable records and security incidents that include threat intelligence results and details about why an entry is blocked.

The Crest Difference

By deriving threat intelligence from the Observables tracked in ServiceNow Security Incident Response, a SOC analyst can seamlessly block malicious observables on the Threat Prevention platform, significantly reducing turnaround time.
