Though Phantom only went GA earlier in 2016, we’ve been working on the technology for nearly 3 years. This investment in our architecture has produced meaningful differences – some of which we’ve covered in past blog posts. One element that is foundational to our architecture is the Phantom App. Apps extend the capabilities of the … Continue reading App Envy? You decide…
Security professionals generally agree that the demand for threat intelligence is growing. With the ability to focus security teams and tools on the most relevant and high-risk threats, the context and tailored priority that threat intelligence feeds provide are undisputed benefits. While it sounds like a win/win situation—the threat intel comes in, it’s applied, and … Continue reading Preventing Threat Intelligence Overload
I have had the honor of working with first-rate security operations teams around the world. Whether I was in the CISO role at one of the top 5 companies in the Fortune 500, running Security Operations Centers in the frenetic world of financial exchanges, or responding to threats against the critical infrastructure industry, there are … Continue reading Paul Davis Joins Phantom as VP of Delivery
In the first of a new series spotlighting Phantom Apps, today we’re highlighting the integration between Phantom’s Security Automation and Orchestration (SA&O) platform and the ReversingLabs A1000 Malware Analysis Platform. Gaining analyst productivity is paramount to improving your organization’s security posture against file-based threats. One way to increase a team’s productivity is by automating the … Continue reading App Spotlight: ReversingLabs: Real-Time Classification of Malware Samples
This playbook outlines how you can automate the investigation and containment of keylogger-infected endpoints. The playbook is designed to quickly investigate a suspected keylogger infection and contain it, if confirmed, until you can further investigate—reducing the chances that sensitive information will be lost.
Though one might question if their origins were for good or evil, botnets have been used for both causes for years. For bad actors, botnets represent a cheap and powerful form of automation. With bots dispersed across a vast network of infected computers and controlled by a Command and Control (C2) server, automation directs the … Continue reading Are You Bringing a Knife to a Gun Fight?
Most security professionals will agree: the most reliable way to remediate rootkit infections on virtual machines (VMs) is to re-image or revert the virtual machine to a pre-infected state. Today’s entry to our playbook series examines a Phantom playbook, included with our version 2.0 release of the platform, that automates this scenario. A visual representation … Continue reading Playbook Series: Rootkits: Automatically Remediate Virtual Machines