Playbook Series: Investigate IP Address Performing Reconnaissance Activity

Today’s post continues an ongoing series on Phantom playbooks, which the platform uses to automate and orchestrate your security operations plan. This example covers one of the sample playbooks included with the Phantom 2.0 platform release. Whether from an intrusion detection system or through log analysis, security devices can generate alerts when reconnaissance activity is detected. …

Playbook Series: Automating from the SafeBreach Hacker’s Playbook™ to Predict & Prevent Attacks

SafeBreach focuses on offensive security by deploying simulators to play the role of a hacker. A user can orchestrate simulated attacks against elements of their network or cloud infrastructure, applications, and endpoints. Following the simulated breach, the SafeBreach platform will make recommendations on remediation tactics to better secure the environment. Remediation is where the SafeBreach …

Playbook Series: Investigate and Block Newly Discovered and Publicly-Accessible Server Services on Your Local Network

Today’s post continues an ongoing series on Phantom playbooks, which the platform uses to automate and orchestrate your security operations plan. SIEM platforms, like Splunk used in this example playbook, collect and aggregate log data from your security infrastructure. They can also alert you to a newly discovered server service that is publicly accessible on …

Playbook Series: Investigate Suspicious Outbound Connections

Today’s post continues an ongoing series on Playbooks, which Phantom uses to automate and orchestrate your security operations plan. SIEM platforms, like Splunk, collect and aggregate log data from your security infrastructure. When configured, these platforms can alert you to a suspicious outbound connection from your managed networks or endpoints. When an analyst receives a …

Art Coviello Joins Phantom Board of Advisors

Innovation is deeply rooted in our industry - driven by the attackers who are constantly evolving their techniques and the security industry working against them. I’ve seen the innovation firsthand. At RSA, we built a business on our foundation in authentication and encryption to become a leader in several of the most important information …