In this installment of the series, we will explore how Phantom Mission Control™ integrates case management tasks into a security operations team’s workflow. By merging case management tasks into Mission Control, analysts save time and better preserve data by eliminating the need to shuttle data between the Phantom Platform and an external ticketing or case management system.
While Security Automation & Orchestration platforms are certainly equipped to handle complex use cases, that is not the only way to automate. Simple tasks often thought of as daily annoyances are also perfect for automation: “utility playbooks,” as one user coined them. These small playbooks pack a powerful punch.
Before joining Phantom, I worked in several security operations roles at a large electric power company. During my time there, we built out our Security Operations Center (SOC) and added numerous security tools to identify, investigate, and respond to cyber threats. As we grew, I realized how difficult it was just to keep track of … Continue reading Playbooks: Going Beyond Incident Response Use Cases
This month we would like to congratulate Martin Ohl with McAfee as the Phantom Community Contributor of the Month for September 2017. In just a short period of time, Martin has made a number of contributions to the Phantom Community, including: McAfee OpenDXL App for Phantom https://my.phantom.us/3.0/apps/?search=McAfee%20OpenDXL McAfee Advanced Threat Defense (ATD) App for Phantom https://my.phantom.us/3.0/apps/?search=McAfee%20Advanced%20Threat%20Defense%20(ATD) Phishing … Continue reading Announcing the Phantom Community Contributor of the Month for September 2017
This article is a part of a series describing key features of the Phantom Security Automation and Orchestration platform. In this installment of the series, we will cover a new capability of the platform called Phantom Mission Guidance™. Mission Guidance uses reinforcement learning to make playbook and action recommendations to an analyst while processing a … Continue reading Mission Control: Mission Guidance Playbook and Action Recommendations
Protecting our most important business assets from cyber threats is a growing challenge that we all face. We are more and more dependent on IT and connectedness for the delivery of our services, the operation of our infrastructure, and even our daily life. The growing complexity and scale of the underlying infrastructure exceed the … Continue reading Freddy Dezeure Joins Phantom’s Board of Advisors
This article is a part of a series describing key features of the Phantom Security Automation and Orchestration Platform and how they work to improve the analyst experience. In this specific installment of the series, we will talk about the Analyst Queue. While the Analyst Queue view is not explicitly part of the … Continue reading Mission Control: Improving Efficiency with the Analyst Queue