Playbook: Investigate IP Address Performing Reconnaissance Activity

Today’s post continues an ongoing series on Phantom playbooks, which the platform uses to automate and orchestrate your security operations plan. This example covers one of the sample playbooks included with the Phantom platform. Whether from an intrusion detection system or through log analysis, security devices can generate alerts when reconnaissance activity is detected. The Phantom …

Playbook: Automating from the SafeBreach Hacker’s Playbook to Predict & Prevent Attacks

SafeBreach focuses on offensive security by deploying simulators to play the role of a hacker. A user can orchestrate simulated attacks against elements of their network or cloud infrastructure, applications, and endpoints. Following the simulated breach, the SafeBreach platform will make recommendations on remediation tactics to better secure the environment. Remediation is where the SafeBreach …

Playbook: Investigate and Block Newly Discovered and Publicly-Accessible Server Services on Your Local Network

Today’s post continues an ongoing series on Phantom playbooks, which the platform uses to automate and orchestrate your security operations plan. SIEM platforms, like Splunk used in this example playbook, collect and aggregate log data from your security infrastructure. They can also alert you to a newly discovered server service that is publicly accessible on …

Playbook: Investigate Suspicious Outbound Connections

Today’s post continues an ongoing series on Playbooks, which Phantom uses to automate and orchestrate your security operations plan. SIEM platforms, like Splunk, collect and aggregate log data from your security infrastructure. When configured, these platforms can alert you to a suspicious outbound connection from your managed networks or endpoints. When an analyst receives a …

Art Coviello Joins Phantom Board of Advisors

Innovation is deeply rooted in our industry - driven by the attackers who are constantly evolving their techniques and the security industry working against them. I’ve seen the innovation firsthand. At RSA, we built a business on our foundation in authentication and encryption to become a leader in several of the most important information …