Servicenow-CIS-VR thinking - Certified Implementation Specialist - Vulnerability Response Updated: 2023

News of a misconfiguration in ServiceNow caused great concern over the past several days because it’s estimated that 80% of Fortune 500 companies deploy ServiceNow. 

If a company was breached, security experts said there would have been direct risks such as data leaks, including passwords, sensitive ticket info, and PII, as well as indirect risk for social engineering campaigns and impact on the organization’s reputation.

But as of Oct. 31, there are no known reported exploits or data loss as a result of the ServiceNow misconfiguration.

Maor Bin, co-founder and CEO at Adaptive Shield, said since reports of the ServiceNow misconfiguration came out last week, his research team detected more than 5,000 exposed companies, where many were Fortune 500 businesses. Bin said once ServiceNow released the fix reportedly on Oct. 20, his team reassessed the exposed portals and found that 99% of the tables within the portals are not accessible, leaving just 1% of affected organizations exposed.

“A single misconfiguration is an Achilles heel to an organization’s SaaS app stack,” said Bin. “They provide an inadvertent gateway for potential threats. In my experience, I have seen this type of misconfiguration be a default one, across many critical apps — and it underscores the importance of meticulous configuration management, where each setting is checked and monitored for compliance.

Bin said the exposure — which dates back to 2015 — was the result of a set of configurations for the ServiceNow Simple List widget that lets the data in the tables be accessed remotely by unauthenticated users. These tables organize information from multiple sources and have configurations with a default setting of public access.

Because these tables are the core of ServiceNow, Bin said the issue isn’t contained within a single setting that can security teams can fix. Potentially, the team needs to remediate this in multiple locations within the application in combination with the usage of the UI widget, and throughout all tenants. To further complicate the issue, changing a single setting could break existing workflows connected to the Simple List tables, causing severe disruption of existing processes.

“We recommend all companies check their ServiceNow tenants to make sure that they aren’t leaking data,” said Bin. “Companies that are still exposed are at high risk of data loss.”

Bin also added that his team’s research is only based on one sampling and does not serve as a conclusive number on the full risk to companies running ServiceNow.  

It was likely an internal audit that helped ServiceNow uncover this misconfiguration, and it’s a great example of how and why we audit our policies and programs to ensure security best practices, said Aubrey Perin, lead threat intelligence analyst at Qualys. Perin said misconfigurations are common enough that many vendors have services to help businesses audit configurations to uncover misconfigurations that could compromise security and allow would-be hackers to make easy gains.

“For companies that are impacted by this issue, the best way for security teams to remediate would be to do a test on a smaller subset of the service environment or backup to ensure that the fixes don't cause further issues for the organization,” said Perin. “It may also be a good time to re-evaluate whether services could be moved to network isolated segments, or otherwise, redefine network utilization. The right move will vary by organization and be dependent on its individual risk appetite. Organizations should follow guidance from ServiceNow and work with them to restore and ensure service.”

Because this misconfiguration gives access to dashboards, not only the loss of data becomes an issue, but also what types of data are important to the business are revealed, said John Gallagher, vice president of Viakoo Labs. Gallagher said ServiceNow gives a unique insight as to how the business views it’s most important metrics. 

“Now that security controls have gotten to the point where no one can keep track of them (or set them properly), expect to see AI-based solutions claiming to solve this problem,” said Gallagher. “In all likelihood, in the future, AI should take care of this. While I can’t point to specific data leaks, with the publication of this, there are a lot of attempts being made and they will continue. Application-based discovery, and knowledge of where instances of ServiceNow are running will definitely help to address the misconfiguration issue.”

ServiceNow, a global leader in digital workflow solutions, has always been dedicated to nurturing a culture of innovation, collaboration and belonging among its employees. It’s no surprise that the company has been recognized as one of Fortune’s Best Workplaces in Technology 2023 and certified as a Great Place to Work in 11 countries.

This commitment is epitomized by its annual Unified Technology Group Connect event, where engineering employees from all corners of the world come together to celebrate their achievements, share ideas and strengthen their bonds as a unified team. This year, the event took place in the United States, Ireland and India, with employees attending the event in the region closest to them.

This year’s UTG Connect just wrapped up, so Built In reached out to three ServiceNow  employees who attended the event to learn about how it empowers growth and opportunity, supports a globally distributed yet vibrant culture, and advances innovation at ServiceNow.

Ekta Akadkar’s journey with ServiceNow began in May 2021 when she joined the company as a summer intern. Her initial experience left an indelible mark and drew her back to the company as a full-time employee after graduation. 

“You want to work at a company whose work is impactful and done in a motivating environment,” she said. “It’s always exciting when other people tell me how using the ServiceNow platform at their companies has made their work more efficient.”

ServiceNow’s culture, rooted in teamwork and continuous improvement, played a pivotal role in  Ekta’s growth as a software engineer. She found herself surrounded by experienced colleagues who welcomed questions and encouraged her to explore various technical skills. 

For Ekta, UTG Connect serves as a symbol of the company’s commitment to supporting individual growth within a collaborative environment.

The event is organized to ensure employees are engaged throughout, with time to rest, refuel, connect and get updates on the latest technology implemented in the ServiceNow platform.

Outside the sessions, Ekta had the opportunity to visit technical booths hosted and facilitated by different teams. She was also able to network with colleagues and learn from their experiences in a more informal setting.

“Bringing the team together creates a common place for employees to connect in person. In the new world of work where many employees work remotely, face-to-face conversation and getting to know people on a deeper level in person was meaningful,” she said.

Bringing the team together creates a common place for employees to connect in person. In the new world of work, face-to-face conversation and getting to know people on a deeper level in person was meaningful.”

For Ekta, having the chance to connect with her colleagues reinforced the power of ServiceNow’s culture and sparked her ambitions to continue to grow with the company.

“Everyone here works on the principle of winning as a team and constantly seeks ways to be helpful. My team members’ humble nature brings confidence in a newcomer like me to ask them any questions,” she said. “I am continuously evolving as a software engineer, and I am learning many technical skills by being on a team with many experienced people.”

Roja Puppala’s journey with ServiceNow began in March 2022, after having been drawn to the company by its stellar reputation and innovative products. She soon fell in love with the flourishing culture, where creativity was celebrated and new ideas were welcomed with open arms.

“The work environment here is simply incredible — a perfect blend of vibrancy and dynamism,” she said. “It motivates me to give my best every day and be a part of the positive impact ServiceNow makes.”

Our vibrant and dynamic culture motivates me to give my best every day and be a part of the positive impact ServiceNow makes.”

Roja’s growth at ServiceNow was powered by her involvement with UTG Connect. She became a key player in organizing UTG Connect — India, collaborating with multiple leaders and stakeholders across the company and expanding her horizons.

“The event planning team goes above and beyond their regular work roles to ensure its success,” she said. “Whether it’s learning sessions, experience demos, tech activations or culture showcases, they do their best to enhance the experience for all attendees. They willingly offer support to their colleagues and take on additional responsibilities to win as a team.”

Working on the event allowed her to gain insights into the company’s developments and innovations while flexing her own skills to support her team. The event served as a platform for showcasing innovations, strengthening bonds within the organization and fostering connections that transcend geographical boundaries.

“As an operations professional, enabling teams brings me immense joy, and UTG Connect presented a tremendous opportunity to do just that,” she said. “Being empowered and encouraged to bring out our creative best is something I value greatly, and here, it’s an integral part of the work ethos. What’s even more inspiring is how receptive everyone is to new ideas, and we’re given the freedom to operate and excel.”

Sangita Pathak joined ServiceNow in July 2018, attracted by the exceptional people who make up its workforce. Ever since, she has been captivated by ServiceNow’s unique blend of executing with heart and a focus on innovation.

As someone who has attended UTG Connect events in different regions around the world, Sangita’s favorite aspect is the energy and excitement brought by ServiceNow’s teams. The events provide a platform for engineering teams to meet in person, fostering connections and boosting innovation.

“UTG connect events enable engineering teams across the world to actually meet each other and see what their teammates are building,” she said. “They serve as a real connection builder and innovation booster. I have heard so many stories about how people met their team members for the first time or attended a talk in person from someone they had only heard of. But simply walking the hallways, attending the sessions and learning about our teammates is my favorite thing about the event. It’s a gift and privilege that we should cherish.”

According to Sangita, UTG Connect contributes significantly to professional growth and development within ServiceNow.

“Connect helps break siloes, create visibility, create belonging and allow teams to refresh and recharge while inspiring their continued innovation,” she said.

Connect helps break siloes, create visibility, create belonging and allow teams to refresh and recharge while inspiring their continued innovation.”

Sangita is excited about ServiceNow’s future and her career within the company. She feels privileged to work for an organization that navigates the technology landscape boldly and invests in future technology.

“We love what we do and it shows,” Sangita said.

And across ServiceNow’s tech teams, no event reveals that more than UTG Connect.

ServiceNow Inc.’s stock leaped 5% in extended trading Wednesday after the company reported a quarterly bounce in revenue on strong subscription sales.

“It’s incredible. Innovation is the well-spring of growth: We have introduced 5,000 new innovations this year,” ServiceNow Chief Executive Bill McDermott said in an interview Wednesday. “The tailwind of generative-AI when you have real product and real growth works.”

The exact market performance of ServiceNow Inc (NYSE:NOW) has seen a daily gain of 2.33%, despite a 3-month loss of -4.95%. With an Earnings Per Share (EPS) of 6.94, one might wonder if the stock is significantly undervalued. In this article, we will explore this question through a thorough valuation analysis. Read on to discover the intrinsic value of ServiceNow.

A Snapshot of ServiceNow Inc (NYSE:NOW)

ServiceNow Inc provides software solutions to structure and automate various business processes via a SaaS delivery model. The company primarily focuses on the IT function for enterprise customers. ServiceNow began with IT service management, expanded within the IT function, and more recently directed its workflow automation logic to functional areas beyond IT, notably customer service, HR service delivery, and security operations. ServiceNow also offers an application development platform as a service.

The current stock price for ServiceNow is $564.47. However, according to the GF Value, an estimation of the fair value of the stock, the price should be around $808.64. This suggests that ServiceNow may be significantly undervalued.

Understanding the GF Value

The GF Value represents the current intrinsic value of a stock derived from our exclusive method. The GF Value Line on our summary page gives an overview of the fair value that the stock should be traded at. It is calculated based on three factors:

1. Historical multiples (PE Ratio, PS Ratio, PB Ratio and Price-to-Free-Cash-Flow) that the stock has traded at.

2. GuruFocus adjustment factor based on the company's past returns and growth.

3. Future estimates of the business performance.

We believe the GF Value Line is the fair value that the stock should be traded at. The stock price will most likely fluctuate around the GF Value Line. If the stock price is significantly above the GF Value Line, it is overvalued and its future return is likely to be poor. On the other hand, if it is significantly below the GF Value Line, its future return will likely be higher.

Story continues

At its current price of $564.47 per share and the market cap of $115.20 billion, ServiceNow stock gives every indication of being significantly undervalued. Because ServiceNow is significantly undervalued, the long-term return of its stock is likely to be much higher than its business growth.

Link: These companies may deliver higher future returns at reduced risk.

Financial Strength of ServiceNow

Investing in companies with poor financial strength has a higher risk of permanent loss of capital. Thus, it is important to carefully review the financial strength of a company before deciding whether to buy its stock. Looking at the cash-to-debt ratio and interest coverage is a great starting point for understanding the financial strength of a company. ServiceNow has a cash-to-debt ratio of 2.15, which is worse than 52.91% of 2729 companies in the Software industry. GuruFocus ranks the overall financial strength of ServiceNow at 8 out of 10, which indicates that the financial strength of ServiceNow is strong.

Profitability and Growth of ServiceNow

It poses less risk to invest in profitable companies, especially those that have demonstrated consistent profitability over the long term. A company with high profit margins is also typically a safer investment than one with low profit margins. ServiceNow has been profitable 4 over the past 10 years. Over the past twelve months, the company had a revenue of $8 billion and Earnings Per Share (EPS) of $6.94. Its operating margin is 6.32%, which ranks better than 59.67% of 2760 companies in the Software industry. Overall, GuruFocus ranks the profitability of ServiceNow at 5 out of 10, which indicates fair profitability.

One of the most important factors in the valuation of a company is growth. Long-term stock performance is closely correlated with growth according to GuruFocus research. Companies that grow faster create more value for shareholders, especially if that growth is profitable. The average annual revenue growth of ServiceNow is 26.6%, which ranks better than 82.08% of 2394 companies in the Software industry. The 3-year average EBITDA growth is 33.2%, which ranks better than 80.28% of 1988 companies in the Software industry.

ROIC vs WACC

Another way to evaluate a company's profitability is to compare its return on invested capital (ROIC) to its weighted cost of capital (WACC). Return on invested capital (ROIC) measures how well a company generates cash flow relative to the capital it has invested in its business. The weighted average cost of capital (WACC) is the rate that a company is expected to pay on average to all its security holders to finance its assets. If the ROIC is higher than the WACC, it indicates that the company is creating value for shareholders. Over the past 12 months, ServiceNow's ROIC was 10.09, while its WACC came in at 9.37.

Conclusion

In summary, the stock of ServiceNow (NYSE:NOW) gives every indication of being significantly undervalued. The company's financial condition is strong and its profitability is fair. Its growth ranks better than 80.28% of 1988 companies in the Software industry. To learn more about ServiceNow stock, you can check out its 30-Year Financials here.

To find out the high-quality companies that may deliver above-average returns, please check out GuruFocus High Quality Low Capex Screener.

This article, generated by GuruFocus, is designed to provide general insights and is not tailored financial advice. Our commentary is rooted in historical data and analyst projections, utilizing an impartial methodology, and is not intended to serve as specific investment guidance. It does not formulate a recommendation to purchase or divest any stock and does not consider individual investment objectives or financial circumstances. Our objective is to deliver long-term, fundamental data-driven analysis. Be aware that our analysis might not incorporate the most recent, price-sensitive company announcements or qualitative information. GuruFocus holds no position in the stocks mentioned herein.

This article first appeared on GuruFocus.

BOSTON – November 7, 2023 – Snyk, a developer security company, today announced a new joint solution with ServiceNow, giving software engineers vulnerability intelligence into their software bill of materials (SBOMs).

With this new solution, Snyk Vulnerability Intelligence for SBOM, developers will now have end-to-end visibility of vulnerabilities in their full software supply chain as they move from ideation to deployment. The combination of Snyk’s leading security intelligence with the Now Platform will help keep enterprises worldwide more secure overall.

This new feature is an essential component of driving increased software transparency and will help to support organizations’ secure development practices, a priority of the newly announced White House National Cybersecurity Strategic Implementation Plan. To this end, Snyk’s recently released State of Open Source Security Report found that nearly 90% of organizations were impacted by one or more supply chain security issues, while only 42% are using SBOMs, further underscoring the industry’s need for this new seamless solution.

“Our customers are the direct beneficiaries of our close, long-term relationship with ServiceNow,” said Manoj Nair, Chief Product Officer, Snyk. “Today’s latest strategic solution is the result of closely listening to their feedback, and we look forward to continuing to work together in order to solve the cybersecurity challenges confronting global enterprises today and in the future.”

“While SBOMs deliver improved visibility, transparency, security and integrity of code, on their own they don’t actually help security engineers eliminate risk across their software supply chain. Without the ability to address vulnerabilities, enterprises remain at considerable risk,” said Lou Fiorello, vice president and general manager of security products, ServiceNow. “By adding Snyk’s security insights to ServiceNow’s workflows, global enterprises can accurately pinpoint whether any part of their software supply chain is at risk and take swift action accordingly.”

With today’s new joint solution, Snyk is proud to bring this sophisticated level of software composition analysis (SCA) to ServiceNow customers. This feature allows teams to take the security of their development to the next level — not only having a complete view of their attack surface, but also being able to quickly identify specific areas that are currently at risk. This vulnerability solution allows packages found in teams’ SBOMs to be tested against the industry’s leading database for open source vulnerabilities and cloud misconfigurations.

This milestone is the latest example of how the Snyk and ServiceNow partnership continues to grow and evolve, allowing enterprises worldwide to continue their pace of innovation securely by default. As a Snyk customer and partner, as well as a recent investor, ServiceNow has been fiercely committed to working with Snyk in order to pivot the legacy security industry to embrace a more modern, developer-led approach.

As a Registered Build Partner, the certified solution is now available in the ServiceNow Store.

ServiceNow (NOW) is expected to deliver a year-over-year increase in earnings on higher revenues when it reports results for the quarter ended September 2023. This widely-known consensus outlook gives a good sense of the company's earnings picture, but how the real results compare to these estimates is a powerful factor that could impact its near-term stock price.

The stock might move higher if these key numbers top expectations in the upcoming earnings report, which is expected to be released on October 25. On the other hand, if they miss, the stock may move lower.

While management's discussion of business conditions on the earnings call will mostly determine the sustainability of the immediate price change and future earnings expectations, it's worth having a handicapping insight into the odds of a positive EPS surprise.

Zacks Consensus Estimate

This maker of software that automates companies' technology operations is expected to post quarterly earnings of $2.54 per share in its upcoming report, which represents a year-over-year change of +29.6%.

Revenues are expected to be $2.27 billion, up 24.1% from the year-ago quarter.

Estimate Revisions Trend

The consensus EPS estimate for the quarter has remained unchanged over the last 30 days. This is essentially a reflection of how the covering analysts have collectively reassessed their initial estimates over this period.

Investors should keep in mind that an aggregate change may not always reflect the direction of estimate revisions by each of the covering analysts.

Earnings Whisper

Estimate revisions ahead of a company's earnings release offer clues to the business conditions for the period whose results are coming out. This insight is at the core of our proprietary surprise prediction model -- the Zacks Earnings ESP (Expected Surprise Prediction).

The Zacks Earnings ESP compares the Most Accurate Estimate to the Zacks Consensus Estimate for the quarter; the Most Accurate Estimate is a more exact version of the Zacks Consensus EPS estimate. The idea here is that analysts revising their estimates right before an earnings release have the latest information, which could potentially be more accurate than what they and others contributing to the consensus had predicted earlier.

Story continues

Thus, a positive or negative Earnings ESP memorizing theoretically indicates the likely deviation of the real earnings from the consensus estimate. However, the model's predictive power is significant for positive ESP readings only.

A positive Earnings ESP is a strong predictor of an earnings beat, particularly when combined with a Zacks Rank #1 (Strong Buy), 2 (Buy) or 3 (Hold). Our research shows that stocks with this combination produce a positive surprise nearly 70% of the time, and a solid Zacks Rank actually increases the predictive power of Earnings ESP.

Please note that a negative Earnings ESP memorizing is not indicative of an earnings miss. Our research shows that it is difficult to predict an earnings beat with any degree of confidence for stocks with negative Earnings ESP readings and/or Zacks Rank of 4 (Sell) or 5 (Strong Sell).

How Have the Numbers Shaped Up for ServiceNow?

For ServiceNow, the Most Accurate Estimate is lower than the Zacks Consensus Estimate, suggesting that analysts have recently become bearish on the company's earnings prospects. This has resulted in an Earnings ESP of -2.30%.

On the other hand, the stock currently carries a Zacks Rank of #3.

So, this combination makes it difficult to conclusively predict that ServiceNow will beat the consensus EPS estimate.

Does Earnings Surprise History Hold Any Clue?

While calculating estimates for a company's future earnings, analysts often consider to what extent it has been able to match past consensus estimates. So, it's worth taking a look at the surprise history for gauging its influence on the upcoming number.

For the last reported quarter, it was expected that ServiceNow would post earnings of $2.05 per share when it actually produced earnings of $2.37, delivering a surprise of +15.61%.

Over the last four quarters, the company has beaten consensus EPS estimates four times.

Bottom Line

An earnings beat or miss may not be the sole basis for a stock moving higher or lower. Many stocks end up losing ground despite an earnings beat due to other factors that disappoint investors. Similarly, unforeseen catalysts help a number of stocks gain despite an earnings miss.

That said, betting on stocks that are expected to beat earnings expectations does increase the odds of success. This is why it's worth checking a company's Earnings ESP and Zacks Rank ahead of its quarterly release. Make sure to utilize our Earnings ESP Filter to uncover the best stocks to buy or sell before they've reported.

ServiceNow doesn't appear a compelling earnings-beat candidate. However, investors should pay attention to other factors too for betting on this stock or staying away from it ahead of its earnings release.

Stay on top of upcoming earnings announcements with the Zacks Earnings Calendar.

Want the latest recommendations from Zacks Investment Research? Today, you can download 7 Best Stocks for the Next 30 Days. Click to get this free report

ServiceNow, Inc. (NOW) : Free Stock Analysis Report

To read this article on Zacks.com click here.

Zacks Investment Research