When you run an enterprise that serves more than 190 markets worldwide, information security (InfoSec) is of utmost importance.
That’s why online marketplace eBay embarked on a multiyear journey to transform and strengthen how it manages InfoSec. eBay's transformation focused on three key areas: security incident response, vulnerability management, and governance, risk, and compliance (GRC).
Reduced security incident response times
Faced with an increasingly hostile cybersecurity environment, eBay needed a way to quickly respond to and resolve a rising volume of security incidents—without radically increasing headcount. The company wanted to automate the response process and consolidate information from multiple security tools to create an efficient, unified view for its security engineers.
After evaluating its options, eBay chose ServiceNow Security Incident Response for its advanced workflow capabilities and integrations with security tools and other systems. ServiceNow also provided the flexibility and extensibility eBay needed to address its unique security requirements.
Security Incident Response automatically collects information from multiple security tools and native logs, giving security engineers a single dashboard for managing security alerts. When an engineer spots an issue with an employee account, for example, they can automatically disable the account with the click of a button rather than wasting precious time on long phone calls trying to get it disabled.
The combination of unified visibility and automated remediation has reduced response times by nearly 80%, and 50% of security alerts are resolved automatically without any human intervention.
Took control of vulnerabilities
Buoyed by its success with security incident response, eBay turned its attention to vulnerability management. As an established tech company with a track record of innovation, eBay has an extremely diverse set of technology stacks. This results in a broad range of vulnerabilities that need to be managed.
eBay’s vulnerability management team had to engage in extensive email interactions with multiple infrastructure teams, including following up repeatedly to ensure vulnerabilities were addressed within rigorous service-level agreement periods. eBay saw the opportunity to streamline this process using ServiceNow Vulnerability Response.
The product automatically gathers information from eBay’s vulnerability scanners and configuration management database (CMDB) to enrich the vulnerabilities with information such as infrastructure owners.
After that, Vulnerability Response groups the vulnerabilities into tasks for owners using grouping rules eBay set up. Once a vulnerability management engineer has checked a task, the product automatically raises a ticket for the owner.
Since eBay uses JIRA, an application available out of the box in ServiceNow Integration Hub, Vulnerability Response automatically creates a corresponding JIRA ticket. This gives owners a familiar mechanism to address vulnerabilities.
The product then detects when the vulnerability has been remediated using data from subsequent vulnerability scans, automatically updating and closing the ticket. This automated approach has allowed eBay to scale its vulnerability management program.
Collected evidence automatically
With a handle on security incident response and vulnerability management, eBay launched the third leg of its InfoSec journey: GRC. Faced with increasing GRC requirements due to evolving regulations and the launch of a new payment system, eBay needed a way to extend the reach of its InfoSec GRC team while reducing the burden on control owners.
The company created a user-friendly ServiceNow portal to give end users one-click access to a comprehensive range of ServiceNow Integrated Risk Management capabilities. These include policy management, requesting and tracking exceptions, risks, controls, and attestations.
eBay quickly realized one of the key bottlenecks in its GRC processes was gathering evidence of control compliance. This caused significant work for control owners and resulted in back-and-forth communications between owners and the GRC team.
To address this issue, eBay decided to automate evidence collection wherever possible, including collecting evidence within the ServiceNow platform and from external tools such as Splunk and Qualys. Now, Integrated Risk Management automatically gathers this evidence, presenting control owners with easily digestible information they can review and attest to with a single click.
To date, eBay has automated nearly 50% of its evidence collection tasks, saving significant time for control owners and ensuring the right evidence is provided to the GRC team.
Continued momentum
eBay continues to grow the value of its ServiceNow InfoSec solution, working with process owners and end users to deliver enhanced capabilities that increase both security and efficiency. By bringing together Security Incident Response, Vulnerability Response, and Integrated Risk Management on a single platform, eBay benefits from synergies that span these three areas and produce results that are greater than the sum of the individual parts.
The company has achieved these outcomes with a core team of just two employees and two consultants, delivering advantages that far outweigh the investment.
Find out more about how ServiceNow can help your organization boost cybersecurity resilience with security, risk, and IT working together.
© 2024 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow marks are trademarks and/or registered trademarks of ServiceNow, Inc. in the United States and/or other countries. Other company names, product names, and logos may be trademarks of the respective companies with which they are associated.
