I recently sat down with Frank Scholl, a Phantom Security Solutions Architect. I wanted to find out more about what a Security Solutions Architect does on a day-to-day basis and how this role enables Phantom customers to be successful with their Security Automation and Orchestration (SA&O) efforts.
Frank, describe your role here at Phantom. What are some of the things you do on a daily basis?
FRANK: The Security Solutions Architect role was designed to ensure that our customers are successful with the Phantom Platform. On any given day, I participate with our customers in strategic planning, Security Operations Center (SOC) design, formal and informal training, and I also help customers write customized Phantom Playbooks and Apps. We do all this to ensure that our customers are extracting the maximum value possible from the Phantom Platform.
Why is a role like yours so important to have?
FRANK: We bring a lot of experience to the table. We find that organizations, and groups within the organization, have varying levels of SOC maturity. We use our experience to help them plot a strategic plan to mature their operations. We also commonly find that some organizations don’t have the time and/or resources to implement our solution. So from project management to hands-on installation and configuration, to developing new Standard Operating Procedures (SOPs), we augment the talent in place to get to a production-level operational state. The benefit is that the customer gets the value they expect from the platform. In fact, in almost every customer engagement, somewhere during the project the customer has an “aha!” moment where they realize even more potential than they had first imagined. It’s very rewarding to witness this time and again, driving my conviction that the security automation and orchestration market is the right place to be, at the right time.
What are some of the most common issues you encounter when starting a project?
FRANK: I find that people tend to put a box around what they think the platform will do for them. As mentioned earlier, as an engagement progresses, users realize more and more opportunities to drive SOC efficiency. We also commonly find a general lack of process or immature processes, or SOPs. Even when the processes are present, they are usually designed with human constraints in mind. Customers tend to greatly expand their investigations and response processes since the overhead to take important, but time intensive, manual steps is usually negligible when executed in an automated environment.
Another really important issue is that sometimes customers underestimate how well other groups will receive the platform. Sometimes it’s a greater than expected, and they end up needing more resources than originally allocated. Sometimes, however, the project is met with resistance from other groups. Most resistance often stems from access requests for highly-privileged accounts. This is why I generally recommend broad project support across stakeholder groups and gaining executive sponsorship to help break through roadblocks.
How can a customer be better prepared for success with the Phantom SA&O Platform before you begin a project?
FRANK: Before we ever show up onsite, we have a series of web conferences to help the customer get organized and understand the implementation project. We help them explore options on possible ways that the platform will help them work smarter, but there are a few things that would help even before this step:
- Develop a list of security infrastructure so that Phantom Apps that are needed can be identified. This also allows you to identify stakeholders and plan for access to necessary systems.
- Know your current security operations processes. Keep in mind that what you do today might differ from the ideal way that you’d do something once machine-speed automation is assisting your efforts.
- Make sure you have physical or virtual resources allocated and available for the platform.
What one piece of parting advice do you have?
FRANK: Don’t be afraid to imagine much more complex processes than you ever had when you were performing your operations manually. Since the Phantom Platform can work completely behind the scenes for you, without adding additional burdens to your human resources, really focus on what is going to deliver the best security when you conceptualize your processes.