Though Phantom only went GA earlier in 2016, we’ve been working on the technology for nearly 3 years. This investment in our architecture has produced meaningful differences – some of which we’ve covered in past blog posts.
One element that is foundational to our architecture is the Phantom App. Apps extend the capabilities of the platform by supporting integration to all of the 3rd party security products that our users want to automate and orchestrate.
Phantom has over 75 Apps, allowing the platform to automate common reputation services, endpoint technologies, sandboxes, firewalls, and common mobile, virtual and cloud based security products.
Apps are closely related to another foundational element in our architecture – actions. Simply put, actions are what you automate – retrieving data for investigative purposes or changing policy on a security device for example. The Phantom platform supports more than 150 actions.
Here’s an example to illustrate both elements:
HackerTarget is a Phantom App that supports 12 actions including tracerouting an IP, executing a whois lookup, and several others. You can see all Phantom Apps and their associated actions at my.phantom.us.
In a race to compete in this emerging market, some vendors have adopted a taxonomy that inflates their App count. For example, what Phantom would call a single Active Directory App with two actions, is instead represented as two separate Apps:
- Active Directory Authenticate App
- Active Directory Query App
It’s misleading, but fortunately also rather transparent. If you are evaluating Security Automation & Orchestration platforms, simply looking at the list of supported apps would reveal the attempt to inflate the count – more Apps equate to a better platform, unless they aren’t really Apps.
What is certainly related and also important to consider is the how Apps are developed for a Security Automation & Orchestration platform. Our community-powered approach means core elements like Apps can be developed by anyone and shared within the community. Users have the option of using community developed Apps entirely or as a starting point for developing their own. Communication and collaboration is encouraged as a way for users to address challenges, share information, and showcase their skills.
VP, Products & Marketing