Rich Bowen recently joined Phantom as our Vice President of Engineering. We asked Rich to provide his thoughts on the industry and what led him to join the Phantom team. I’ve been a security guy for over 10 years now, first cutting my teeth at security vendor Fortify. Fortify is a static analysis tool used …
We would like to congratulate Irek Romaniuk with Commonwealth Financial Network as the Phantom Community Contributor of the Month for November 2017. Irek published a Phantom App for InfluxDB back to the community for all members to benefit from. Thanks, Irek! Community participation is one thing that makes the Phantom Community strong and useful. We encourage …
This month we would like to congratulate Robert Martin with Aetna as the Phantom Community Contributor of the Month for October 2017. Robert has been an active member of the community for some time.
This article is a part of a series describing key features of the Phantom Security Automation and Orchestration platform. In this installment of the series, we will explore how the Heads-Up Display (HUD) in Phantom Mission Control™ can shorten the resolution time for security events. The core objective of the HUD is to allow the …
A critical flaw involving the ability, in certain situations, to exploit the root account on Apple macOS 10.13 (High Sierra) systems was reported on November 28, 2017 (CVE-2017-13872). Although Apple moved quickly to mitigate this vulnerability, a scenario like this presents an opportunity to improve upon existing security operations procedures. Toward this goal, we explore how the Phantom Security Automation & Orchestration Platform might help to hunt for and mitigate vulnerabilities like this in the future.
In this installment of the series, we will explore how Phantom Mission Control™ integrates case management tasks into a security operations team’s workflow. By merging case management tasks into Mission Control, analysts save time and better preserve data by eliminating the need to shuttle data between the Phantom Platform and an external ticketing or case management system.
While Security Automation & Orchestration platforms are certainly equipped to handle complex use cases, those are not the only things worth automating. Simple tasks often thought of as daily annoyances are also perfect for automation, in what one user dubbed “utility playbooks.” These small playbooks pack a powerful punch.