Press ReleaseThreat Detection & Defense

Keeper Security Launches ServiceNow Integration to Improve Visibility, Response to Cyberattacks

Closing Visibility Gaps Exploited in Most Modern Breaches by Streaming Real-Time Identity and Access Alerts Directly into Existing Security Workflows

Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords and passkeys, infrastructure secrets, remote connections, and endpoints, today announces a new integration with ServiceNow® IT Service Management (ITSM) and the Security Incident Response (SIR) module. The integration allows organisations to securely ingest security alerts from across the Keeper platform directly into ServiceNow, enabling faster and more consistent investigation of incidents tied to credentials, secrets, and privileged access.

Stolen credentials remain one of the most common entry points for cyber attackers. According to the 2025 Verizon Data Breach Investigations Report, 60% of cybersecurity breaches involve the human element, including compromised passwords and misuse of access. Keeper’s global research reinforces the urgency of protecting the identity layer, with 69% of organisations adopting Privileged Access Management (PAM) to defend against credential theft. Many of these threats originate from privileged and administrative activity, which organisations secure through solutions like KeeperPAM®, Keeper’s cloud-native PAM platform. The new ServiceNow integration helps teams operationalise these defences by routing high-priority identity and access alerts into the workflows they already rely on for incident management.

“Identity-based attacks are growing more sophisticated, but the fundamentals remain the same. Defenders need reliable signals and immediate context, and this integration delivers both,” said Craig Lurey, CTO and Co-founder of Keeper Security. “By sending Keeper’s privileged access telemetry to ServiceNow in real time, security teams can focus on analysis and action instead of stitching data together. It’s a streamlined, practical way to strengthen visibility where it matters most.”

What Keeper Security Offers with Its ServiceNow Integration

The Keeper Security ITSM application provides a guided setup experience and a secure, OAuth 2.0-protected webhook to receive alerts from the Keeper platform. Security teams can operationalise activities such as BreachWatch® detections of compromised passwords, changes in privileged user behaviour, and high-risk actions involving credentials, secrets, or privileged sessions. The integration automatically converts incoming alerts into SIR tickets with full contextual detail, allowing analysts to triage and investigate with greater accuracy and fewer manual steps.

Key features of this integration include:

  • Secure Webhook Ingestion: Endpoint protection with OAuth 2.0 ensures that alerts are only accepted from authorised Keeper systems.

  • Automated Incident Creation: Incoming alerts are mapped to SIR records, eliminating manual ticket creation and reducing response time.

  • Custom Priority Mapping: Administrators can assign severity levels based on alert type, aligning Keeper events with existing response processes.

  • Guided Setup and Token Management: Administrators can configure the connection and manage authentication tokens without custom development.

  • Comprehensive Alert Context: Alert payloads include detailed metadata to support efficient investigation.

  • Zero-Knowledge Security Architecture: Keeper cannot access or decrypt customer data, ensuring maximum privacy and security.

“Attackers don’t wait, so organisations shouldn’t wait either for the critical signals that can stop an attack before damage is inflicted,” said Darren Guccione, CEO and Co-Founder of Keeper Security. “By bringing Keeper’s privileged access intelligence straight into ServiceNow, in real time, we’re giving organisations a faster path to detection and response at the identity layer, where most attacks begin.”

As organisations contend with increasingly distributed infrastructure and a rise in credential-driven attacks, consistent visibility across identity and privileged access tools is essential. Keeper’s integration with ServiceNow closes a persistent monitoring gap and strengthens an organisation’s ability to detect, investigate, and resolve identity-related incidents quickly.

The Keeper Security integration is available now in the ServiceNow Store, along with full documentation for deployment.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *