The Intersection of Security Orchestration & Autonomous Vehicles

As an automotive enthusiast, I’ve been following the coverage of autonomous vehicles since before I joined Phantom.  Now that I’m at Phantom helping to create the first open community for Security Automation and Orchestration, the topic is even more interesting to me.


I think there are a number of parallels in these two “movements” that serve as an interesting backdrop to their adoption if nothing else.  Since I don’t work in a SOC, the comparison is also useful as a way to consider the decision making employed by our customers as they embrace automation in the SOC.

One recurring theme relates to augmentation vs. automation.  The first successful uses cases for autonomous vehicles aren’t as “hands off” as getting into the car, turning your seat to face the rear, and playing board games with your kids for the next 500 miles while the car automatically delivers the family to grandma’s house.

What’s more likely to be adopted first is the automation of routine, lower risk use cases.  Tesla’s recently announced Summon feature that allows owners to park their cars without needing to be inside is a great example.  Today automation (via Summon) helps in a range of situations from pulling into the garage at home to squeezing into tight perpendicular spots.  In time, Summon will enable more sophisticated scenarios like having your Tesla sync with your calendar, wake-up at the appropriate time, and drive autonomously to greet you.

Similarly, Security Automation and Orchestration is likely to follow an “assist first, automate later” approach starting first by automating the triage of security elements like alerts, incidents, threat intelligence, vulnerabilities, and phishing emails. You can read more about simple Security Automation use cases in prior blog posts: Email-based Orchestration and Operationalizing Threat Intel.

Not to be outdone by Tesla, several other manufacturers have advanced their autonomous vehicle game.  Nissan’s Intelligent Drive is yet another example that parallels the trend towards automation and orchestration in security.  For self-driving cars to be accepted, Nissan understands that people will have to trust the technology.  Designers have devised an “Intention Indicator” which, as the name suggests, helps to project what actions the car will take before taking them.

In security, I can remember how similar capabilities dubbed “simulation modes” helped customers make the transition from IDS to IPS.  In this case, it wasn’t needed to build trust with the uninformed user, but rather a way for security pros to understand how the technology would work before fully committing.  In either case, it’s about getting people comfortable with the change.  A construct that could also serve useful as customers adopt Security Automation and Orchestration.

Phantom’s free Community Edition is a great way for security pros interested in automation and orchestration to take a test drive (pardon the pun).  A way to experiment with this emerging category and understand its impact as it becomes more critical to managing the SOC.  You can also register for a Tech Session to experience Security Automation & Orchestration before getting behind the wheel.

Thanks for your support & interest!

CP Morey
VP, Products & Marketing

About Phantom:
Phantom automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform.

Visit to register for Phantom Community Edition, a free version of Phantom.