Check Point Integration with ServiceNow SecOps

The Check Point ServiceNow application integrates with Security Operations, allowing security analysts to create Check Point Block List entries from observables determined to be malicious in ServiceNow security incidents.



Executive Summary

Responding to threats manually across a diverse set of security products leaves the security analyst to correlate heaps of information and act on potential threats. Check Point's next-gen Threat Prevention Firewall closed the security gap by preventing and responding to threats through seamless integration with ServiceNow SecOps.

Check Point Software Technologies Ltd. is a multinational provider of software and combined hardware and software products for IT security, including network security, endpoint security, cloud security, mobile security, data security, and security management.

 

Business Challenge

Check Point wanted to develop a ServiceNow application that integrates Next Generation Threat Prevention for Security Operations teams. The company wanted to enable enterprise security analysts to block malicious IP addresses, URLs, and domains using Block Request List capabilities within ServiceNow Security Incident Response.

 

Customer Solution

The Check Point ServiceNow application integrates with Security Operations, allowing security analysts to create Check Point Block List entries from observables determined to be malicious in ServiceNow security incidents. The main features of the integration include:

  • Flexibility to create multiple Block Lists that apply to multiple Check Point Gateways.

  • Detailed reporting on the types of sites being blocked (phishing, malware, and whitelisted sites).

  • Tagging of Now Platform security incidents with Block List entries by the observable type (URL, domain, IP address).

  • Configuring Block List expiration periods to maintain Block List size by automatically expiring or removing older entries.

  • Searching Block List entries between different Block Lists.

  • Linking Block List entries to observable records and security incidents that include threat intelligence results and details about why an entry is blocked.

 

The Crest Difference

By deriving threat intelligence from tracked observables in ServiceNow Security Incident Response, a SOC analyst can seamlessly block malicious observables on the Threat Prevention platform, significantly reducing turnaround time.
