Keeper Security Launches ServiceNow Integration to Improve Visibility and Response to Cyber Attacks
LONDON, UNITED KINGDOM, December 10, 2025 /EINPresswire.com/ -- Keeper Security, the leading provider of zero-trust and zero-knowledge cybersecurity software protecting passwords and passkeys, infrastructure secrets, remote connections and endpoints, today announces a new integration with ServiceNow® IT Service Management (ITSM) and the Security Incident Response (SIR) module. The integration allows organisations to securely ingest security alerts from across the Keeper platform directly into ServiceNow, enabling faster and more consistent investigation of incidents tied to credentials, secrets and privileged access.
Stolen credentials remain one of the most common entry points for cyber attackers. According to the 2025 Verizon Data Breach Investigations Report, 60% of cybersecurity breaches involve the human element, including compromised passwords and misuse of access. Keeper’s global research (https://www.keeper.io/hubfs/Reports/PAM-Key-to-Modern-Enterprise-Defense-Report-EN.pdf?&utm_medium=press_release&utm_campaign=Communications) reinforces the urgency of protecting the identity layer, with 69% of organisations adopting Privileged Access Management (PAM) to defend against credential theft. Many of these threats originate from privileged and administrative activity, which organisations secure through solutions like KeeperPAM®, Keeper’s cloud-native PAM platform. The new ServiceNow integration helps teams operationalise these defenses by routing high-priority identity and access alerts into the workflows they already rely on for incident management.
“Identity-based attacks are growing more sophisticated, but the fundamentals remain the same. Defenders need reliable signals and immediate context, and this integration delivers both,” said Craig Lurey, CTO and Co-founder of Keeper Security. “By sending Keeper’s privileged access telemetry to ServiceNow in real time, security teams can focus on analysis and action instead of stitching data together. It’s a streamlined, practical way to strengthen visibility where it matters most.”
The Keeper Security ITSM application provides a guided setup experience and a secure, OAuth 2.0-protected webhook to receive alerts from the Keeper platform. Security teams can operationalise activities such as BreachWatch® (https://www.keepersecurity.com/breachwatch.html?&utm_medium=press_release&utm_campaign=Communications) detections of compromised passwords, changes in privileged user behaviour and high-risk actions involving credentials, secrets or privileged sessions. The integration automatically converts incoming alerts into SIR tickets with full contextual detail, allowing analysts to triage and investigate with greater accuracy and fewer manual steps.
Key features include:
• Secure Webhook Ingestion: Endpoint protection with OAuth 2.0 ensures that alerts are only accepted from authorised Keeper systems.
• Automated Incident Creation: Incoming alerts are mapped to SIR records, eliminating manual ticket creation and reducing response time.
• Custom Priority Mapping: Administrators can assign severity levels based on alert type, aligning Keeper events with existing response processes.
• Guided Setup and Token Management: Administrators can configure the connection and manage authentication tokens without custom development.
• Comprehensive Alert Context: Alert payloads include detailed metadata to support efficient investigation.
• Zero-Knowledge Security Architecture: Keeper cannot access or decrypt customer data, ensuring maximum privacy and security.
“Attackers don’t wait, so organisations shouldn’t wait either for the critical signals that can stop an attack before damage is inflicted,” said Darren Guccione, CEO and Co-founder of Keeper Security. “By bringing Keeper’s privileged access intelligence straight into ServiceNow, in real time, we’re giving organisations a faster path to detection and response at the identity layer, where most attacks begin.”
As organisations contend with increasingly distributed infrastructure and a rise in credential-driven attacks, consistent visibility across identity and privileged access tools is essential. Keeper’s integration with ServiceNow closes a persistent monitoring gap and strengthens an organisation’s ability to detect, investigate and resolve identity-related incidents quickly.
The integration is available now in the ServiceNow Store, along with full documentation for deployment.
###
About Keeper Security
Keeper Security is one of the fastest-growing cybersecurity software companies that protects thousands of organisations and millions of people in over 150 countries. Keeper is a pioneer of zero-knowledge and zero-trust security built for any IT environment. Its core offering, KeeperPAM®, is an AI-enabled, cloud-native platform that protects all users, devices and infrastructure from cyber attacks. Recognised for its innovation in the Gartner Magic Quadrant for Privileged Access Management (PAM), Keeper secures passwords and passkeys, infrastructure secrets, remote connections and endpoints with role-based enforcement policies, least privilege and just-in-time access. Learn why Keeper is trusted by leading organisations to defend against modern adversaries at KeeperSecurity.com.
Stolen credentials remain one of the most common entry points for cyber attackers. According to the 2025 Verizon Data Breach Investigations Report, 60% of cybersecurity breaches involve the human element, including compromised passwords and misuse of access. Keeper’s global research (https://www.keeper.io/hubfs/Reports/PAM-Key-to-Modern-Enterprise-Defense-Report-EN.pdf?&utm_medium=press_release&utm_campaign=Communications) reinforces the urgency of protecting the identity layer, with 69% of organisations adopting Privileged Access Management (PAM) to defend against credential theft. Many of these threats originate from privileged and administrative activity, which organisations secure through solutions like KeeperPAM®, Keeper’s cloud-native PAM platform. The new ServiceNow integration helps teams operationalise these defenses by routing high-priority identity and access alerts into the workflows they already rely on for incident management.
“Identity-based attacks are growing more sophisticated, but the fundamentals remain the same. Defenders need reliable signals and immediate context, and this integration delivers both,” said Craig Lurey, CTO and Co-founder of Keeper Security. “By sending Keeper’s privileged access telemetry to ServiceNow in real time, security teams can focus on analysis and action instead of stitching data together. It’s a streamlined, practical way to strengthen visibility where it matters most.”
The Keeper Security ITSM application provides a guided setup experience and a secure, OAuth 2.0-protected webhook to receive alerts from the Keeper platform. Security teams can operationalise activities such as BreachWatch® (https://www.keepersecurity.com/breachwatch.html?&utm_medium=press_release&utm_campaign=Communications) detections of compromised passwords, changes in privileged user behaviour and high-risk actions involving credentials, secrets or privileged sessions. The integration automatically converts incoming alerts into SIR tickets with full contextual detail, allowing analysts to triage and investigate with greater accuracy and fewer manual steps.
Key features include:
• Secure Webhook Ingestion: Endpoint protection with OAuth 2.0 ensures that alerts are only accepted from authorised Keeper systems.
• Automated Incident Creation: Incoming alerts are mapped to SIR records, eliminating manual ticket creation and reducing response time.
• Custom Priority Mapping: Administrators can assign severity levels based on alert type, aligning Keeper events with existing response processes.
• Guided Setup and Token Management: Administrators can configure the connection and manage authentication tokens without custom development.
• Comprehensive Alert Context: Alert payloads include detailed metadata to support efficient investigation.
• Zero-Knowledge Security Architecture: Keeper cannot access or decrypt customer data, ensuring maximum privacy and security.
“Attackers don’t wait, so organisations shouldn’t wait either for the critical signals that can stop an attack before damage is inflicted,” said Darren Guccione, CEO and Co-founder of Keeper Security. “By bringing Keeper’s privileged access intelligence straight into ServiceNow, in real time, we’re giving organisations a faster path to detection and response at the identity layer, where most attacks begin.”
As organisations contend with increasingly distributed infrastructure and a rise in credential-driven attacks, consistent visibility across identity and privileged access tools is essential. Keeper’s integration with ServiceNow closes a persistent monitoring gap and strengthens an organisation’s ability to detect, investigate and resolve identity-related incidents quickly.
The integration is available now in the ServiceNow Store, along with full documentation for deployment.
###
About Keeper Security
Keeper Security is one of the fastest-growing cybersecurity software companies that protects thousands of organisations and millions of people in over 150 countries. Keeper is a pioneer of zero-knowledge and zero-trust security built for any IT environment. Its core offering, KeeperPAM®, is an AI-enabled, cloud-native platform that protects all users, devices and infrastructure from cyber attacks. Recognised for its innovation in the Gartner Magic Quadrant for Privileged Access Management (PAM), Keeper secures passwords and passkeys, infrastructure secrets, remote connections and endpoints with role-based enforcement policies, least privilege and just-in-time access. Learn why Keeper is trusted by leading organisations to defend against modern adversaries at KeeperSecurity.com.
Charley Nash
Account Manager
charley@eskenzipr.com
Visit us on social media:
LinkedIn
Instagram
Facebook
YouTube
TikTok
X
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.