Keeper Safety has introduced a brand new integration with ServiceNow® IT Service Administration (ITSM) and the Safety Incident Response (SIR) module. The combination permits organisations to securely ingest safety alerts from throughout the Keeper platform instantly into ServiceNow, enabling sooner and extra constant investigation of incidents tied to credentials, secrets and techniques and privileged entry.
Stolen credentials stay one of the crucial frequent entry factors for cyber attackers. Based on the 2025 Verizon Knowledge Breach Investigations Report, 60% of cybersecurity breaches contain the human factor, together with compromised passwords and misuse of entry. Keeper’s international analysis reinforces the urgency of defending the id layer, with 69% of organisations adopting Privileged Entry Administration (PAM) to defend in opposition to credential theft. Many of those threats originate from privileged and administrative exercise, which organisations safe via options like KeeperPAM®, Keeper’s cloud-native PAM platform. The brand new ServiceNow integration helps groups operationalise these defences by routing high-priority id and entry alerts into the workflows they already depend on for incident administration.
Craig Lurey, CTO and Co-founder of Keeper Safety, stated: “Id-based assaults are rising extra refined, however the fundamentals stay the identical. Defenders want dependable alerts and speedy context, and this integration delivers each. By sending Keeper’s privileged entry telemetry to ServiceNow in actual time, safety groups can deal with evaluation and motion as an alternative of sewing information collectively. It’s a streamlined, sensible solution to strengthen visibility the place it issues most.”
The Keeper Safety ITSM software offers a guided setup expertise and a safe, OAuth 2.0-protected webhook to obtain alerts from the Keeper platform. Safety groups can operationalise actions similar to BreachWatch® detections of compromised passwords, modifications in privileged person behaviour and high-risk actions involving credentials, secrets and techniques or privileged periods. The combination routinely converts incoming alerts into SIR tickets with full contextual element, permitting analysts to triage and examine with higher accuracy and fewer guide steps.
The combination provides safe webhook ingestion protected by OAuth 2.0, routinely changing incoming alerts into SIR information to take away guide ticket creation and velocity up response occasions. Directors can map alert sorts to customized severity ranges, configure the connection, and handle authentication tokens with none bespoke growth. Every alert consists of detailed metadata to assist investigations, and the platform’s zero-knowledge structure ensures Keeper can not entry or decrypt buyer information, sustaining sturdy privateness and safety all through.
“Attackers don’t wait, so organisations shouldn’t wait both for the crucial alerts that may cease an assault earlier than injury is inflicted,” stated Darren Guccione, CEO and Co-founder of Keeper Safety. “By bringing Keeper’s privileged entry intelligence straight into ServiceNow, in actual time, we’re giving organisations a sooner path to detection and response on the id layer, the place most assaults start.”
As organisations take care of more and more distributed infrastructure and an increase in credential-driven assaults, constant visibility throughout id and privileged entry instruments is crucial. Keeper’s integration with ServiceNow closes a persistent monitoring hole and strengthens an organisation’s capability to detect, examine and resolve identity-related incidents rapidly.
