Defining Security Automation & Orchestration – Community Driven

Last month, we started a series on the blog to explore Security Automation & Orchestration as a new technology.  We enabled comments on the series as we are hoping to see participation from the community.

In that first post, we shared a list of key characteristics for Security Automation & Orchestration.  Being “Community Driven” was one of the characteristics, and the focus for today’s post.

Automation and orchestration platforms require integration with security products and services to function.  These platforms also require “playbooks” or instructions to guide how the orchestration occurs by codifying a security operations (SecOps) plan.  Traditionally, software assets like playbooks and technology integrations have been considered proprietary: intellectual property owned by the developer and shared only with licensed users.

Though still appropriate in some cases, this “closed approach” may not be best for automation and orchestration for several reasons.  Coverage of security products and services may be limited when a single vendor is responsible for developing all integrations.  Ultimately, this limits use case coverage when a required product isn’t supported, or forces a user to develop costly, one-off code for their environment.  Users may also be tasked with developing all playbooks required to support their automation and orchestration requirements, rather than sharing this non-proprietary information in a community library such as GitHub.  A “closed approach” may also hamper a user’s opportunity to share tips and ask questions of other users via a mailing list or collaboration tools.

A community driven approach works well with security automation and orchestration platforms.  Product integrations and playbooks can be developed by anyone and freely shared in the community.  Users have the option of using community developed assets entirely or as a starting point for developing their own.  Software assets can even be certified by known entities in the community to ensure quality and security standards are met.  Communication and collaboration are encouraged as a way for users to address challenges, share information and showcase their skills.

We’ll continue to elaborate on each of the key characteristics and solicit input from the community.  For now, we’d like to hear your thoughts on the importance of being community driven.

  • Do you agree that it is important?
  • Are there limitations on what can be shared in a community approach?
  • When thinking about automation, what other benefits would you associate with products that are community driven?


CP Morey
VP, Products & Marketing

About Phantom:
Phantom, which was recognized as the most innovative company at the 2016 RSA Conference, automates and orchestrates key stages of security operations from prevention to triage and resolution; delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger; Phantom provides the flexibility to connect in-house and third-party systems into one consolidated, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit:
