Reducing Turnaround Time Through Automated Threat Prevention to Accelerate Security Operations
Executive Summary
When security analysts must manually manage modern threats across a diverse set of security products, correlating large volumes of information before they can act, critical security gaps often result. A leading provider of IT security software and hardware needed to enable its security teams to block malicious IP addresses, URLs, and domains using block request list capabilities within the ServiceNow Security Incident Response framework. Without a streamlined automated process, responding to potential threats remained a labor-intensive task, limiting the analyst’s ability to act quickly.
To address these challenges, Crest Data developed an integration enabling the security analysts to create block list entries from malicious observables within ServiceNow security incidents. This solution offered robust capability to manage multiple block lists that apply to multiple gateways, automate entry expiration, and link block list data with detailed threat intelligence. This integration significantly reduced the turnaround time by enabling the SOC analysts to block malicious observables seamlessly.
About the Customer
The customer is a leading multinational provider of comprehensive IT security solutions, offering a wide array of software and integrated hardware products. They have extensive expertise across different domains, including network security, endpoint security, cloud security, mobile security, data security, and security management.
Customer Challenge
Manually correlating vast amounts of information gathered from different security products poses a challenge for security analysts. Because the process was manual, analysts could not act on potential threats quickly, which created critical security gaps.
The customer felt the need to enable their security teams to block malicious IP addresses, URLs, and domains using block request list capabilities within the ServiceNow Security Incident Response framework.
Also, responding to malicious observables in the absence of a robust automated integration between their threat prevention platforms and security operations workflows resulted in higher turnaround times.
Proposed Solution
Crest Data developed an integration for the Security Operations (SecOps) framework, allowing security analysts to create block list entries from malicious observables identified in the security incidents. This solution significantly increased flexibility to manage multiple block lists across various security gateways.
The teams also received detailed reporting about the nature of blocked sites, such as those associated with phishing or malware. The integration also supported automated expiration periods, keeping block list size in check by removing older entries automatically.
This solution enabled tagging of security incidents based on observable types like URLs, domains, and IP addresses. This provided an efficient centralized way to search across different block lists.
Through efficient linking of block list entries to observable incident records that include detailed threat intelligence, the SOC analysts could seamlessly block malicious observables, resulting in reduced turnaround time.
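The block list model described above (entries created from observables, tagged by observable type, scoped to several gateways, expiring automatically, and searchable across lists), as an added stand-alone illustration. This is a hypothetical model written for this page, not ServiceNow's or the customer's code; the three-way ip/url/domain taxonomy, the list and gateway names, and the SIR incident ids are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import ipaddress
from urllib.parse import urlparse

def classify_observable(value: str) -> str:
    """Tag an observable as 'ip', 'url' or 'domain' (assumed three-way taxonomy)."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        return "url" if "://" in value and urlparse(value).netloc else "domain"

@dataclass
class BlockList:
    name: str
    gateways: list    # gateways this list is pushed to
    entries: dict = field(default_factory=dict)

    def add(self, observable, reason, incident, ttl_hours, now):
        # reason = threat-intel category ("phishing", "malware"); incident = linked SIR id
        kind = classify_observable(observable)
        self.entries[observable] = {"kind": kind, "reason": reason, "incident": incident,
                                    "expires_at": now + timedelta(hours=ttl_hours)}
        return kind

    def prune(self, now):
        # Automated expiration: drop entries past their TTL and return the count.
        expired = [o for o, e in self.entries.items() if e["expires_at"] <= now]
        for o in expired:
            del self.entries[o]
        return len(expired)

def search(lists, observable):
    # Centralized lookup: names of every list (hence its gateways) blocking it.
    return sorted(bl.name for bl in lists if observable in bl.entries)

def run_demo():
    # Constructed scenario: two lists, three observables, expiry checked at +48h.
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    edge = BlockList("edge", ["fw-1", "proxy-1"])
    mail = BlockList("mail", ["mta-1"])
    kinds = [edge.add("203.0.113.7", "malware", "SIR0001", 24, t0),
             edge.add("http://example.test/login", "phishing", "SIR0002", 72, t0),
             mail.add("example.test", "phishing", "SIR0002", 72, t0)]
    hits = search([edge, mail], "example.test")
    pruned = edge.prune(t0 + timedelta(hours=48))
    return {"kinds": kinds, "hits": hits, "pruned": pruned, "left": sorted(edge.entries)}
```

Note that the URL entry and the bare domain entry are distinct keys, so a lookup for the domain only matches the list that holds the domain itself; an implementation that should also catch URLs on that host would need to normalize observables before searching.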
About Crest Data
Crest Data is a data and AI-first product engineering and technology solutions provider with deep expertise in cloud and AI, cybersecurity, observability, data analytics, and workflow automation. In this case study, Crest Data applied its SecOps and automation capabilities to help the customer significantly reduce threat response turnaround time by enabling the seamless blocking of malicious observables within the ServiceNow Security Incident Response framework.
With 1,200+ experts and a track record of 5,500+ successful projects across 150+ global customers, and backed by strong partnerships with ServiceNow, AWS, Google, Microsoft, Datadog, Dynatrace, and NetApp, Crest Data delivers outcome-focused solutions that strengthen security, improve platform reliability, and enable sustainable digital growth.