Our Phantom GA is an exciting milestone. The team worked extremely hard on this first major release and is already making progress on the next.
We’re really the first to provide an open community for Security Automation and Orchestration, and in contrast to other companies touting automation, we address everything from preventative protection and incident response to regeneration of the environment. Another important distinction relates to what we automate and orchestrate. Phantom goes one step further than merely ingesting and enriching security data: we also execute investigative and containment actions to control the environment and remediate security events.
But let’s get back to the GA. If you already have an account, then you can access the GA release from the portal in the “Product / Releases” section. If you don’t have an account, then please register on our web site via the “Get Phantom Now” option and we will activate an account for you.
If you haven’t attended a semi-monthly Phantom Tech Session, be sure to register. We share use cases and insights on new features. I’d also encourage you to join the Phantom Community by sending an email to firstname.lastname@example.org. When you receive a response, reply to that response to complete your subscription.
OK, so what’s new in the GA release?
- We have doubled the Action limit on our Community Edition platform to allow 100 Actions per day (up from the previous limit of 50). To run more actions, you will need a production license. Our sales team can help.
- The product has undergone extensive functional testing over the last few months. Thanks to all of our beta users who gave us valuable feedback throughout the beta cycle. We have fixed hundreds of issues that were identified via this process.
- We have performed extensive performance and longevity tests ingesting multiple streams of data and running automation via multiple active Playbooks for each of the data streams in parallel.
- While visually the platform may look similar to beta releases, you may notice that in a few pages like “Automation”, the action results are now downloadable as JSON files.
- A new Ingestion Status page has also been added in the “Administration” section that allows users to see their configured and scheduled ingestions and how they have been performing over a period of time.
- The License tab in the Administration / System Settings area now shows “actions per day” that are counted towards the license limit. Actions executed while debugging a Playbook do not count towards this limit.
- Documentation: The in-product and on-portal documentation has been updated to reflect all the new features and updates. The “Automation Engineering Manual” section that documents the APIs has been updated to embed sample Playbooks and code instead of simply referring to “API Sample” Playbooks. We have also deleted the API sample Playbooks from the Community git repo.
- A new Playbook called “Email_PDF” has been added to “Use Case Samples” that showcases how to automate and orchestrate on emails as an input stream. This Playbook extracts PDF attachments from the email, detonates them on a ThreatGrid sandbox, extracts the detonation results and sends an email to the analyst with the results. As a reminder, all the “Use Case Sample” Playbooks are merely examples that show how to use the APIs and implement use cases.
- We’ve disabled SSLv3 support and some weak ciphers on the web server to address the POODLE vulnerability.
The innovation the team is driving is being recognized. If you haven’t heard the news, we were tapped as a finalist for the RSA Conference annual Innovation Sandbox Contest. The competition is dedicated to encouraging out-of-the-box ideas and the exploration of new technologies that have the potential to transform the information security industry.
Exciting times for sure! Thank you for your support & interest!
CTO & Co-Founder
Phantom automates and orchestrates key stages of security operations from prevention to triage and resolution, delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger, Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish, who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: www.phantom.us.