Why I’m Investing the Next Phase of my Career in Security Automation, Orchestration, and Response

Rich Bowen recently joined Phantom as our Vice President of Engineering. We asked Rich to provide his thoughts on the industry and what led him to join the Phantom team. I’ve been a security guy for over 10 years now, first cutting my teeth at security vendor Fortify. Fortify is a static analysis tool used …

Announcing the Phantom Community Contributor of the Month for November 2017

We would like to congratulate Irek Romaniuk with Commonwealth Financial Network as the Phantom Community Contributor of the Month for November 2017. Irek published a Phantom App for InfluxDB back to the community for all members to benefit from. Thanks, Irek! Community participation is one thing that makes the Phantom Community strong and useful. We encourage …

Mission Control: Using the Heads-Up Display to Speed Situational Awareness

This article is a part of a series describing key features of the Phantom Security Automation and Orchestration platform. In this installment of the series, we will explore how the Heads-Up Display (HUD) in Phantom Mission Control™ can shorten the resolution time for security events. The core objective of the HUD is to allow the …

Playbooks: Automated Investigation & Mitigation for Apple macOS Root Bypass Issue

A critical flaw involving the ability, in certain situations, to exploit the root account on Apple macOS 10.13 (High Sierra) systems was reported on November 28, 2017 (CVE-2017-13872). Although Apple moved quickly to mitigate this vulnerability, a scenario like this presents an opportunity to improve upon existing security operations procedures. Toward this goal, we explore how the Phantom Security Automation & Orchestration Platform might help to hunt for and mitigate vulnerabilities like this in the future.

Mission Control: Integrated Case Management

In this installment of the series, we will explore how Phantom Mission Control™ integrates case management tasks into a security operations team’s workflow. By merging case management tasks into Mission Control, analysts save time and better preserve data by eliminating the need to shuttle data between the Phantom Platform and an external ticketing or case management system.