This blog entry continues an ongoing series of articles describing Phantom Playbooks, which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom Platform. Introduction Starting with just one successful phishing email, an attacker can quickly hide, pivot, persist, and exfiltrate from our … Continue reading Playbook: Investigating Phishing Attachments with McAfee
Phishing investigations is one of the most common use cases that we have observed security teams selecting to automate. We’ve written about it before, and covered it on a few Phantom Tech Sessions. Still, as I learned more about Rackspace’s use case, I thought it would be interesting to share it with the community. It’s … Continue reading Phishing in South Texas
As we approach the one-year anniversary of the Phantom security automation and orchestration platform, we wanted to look back at how new releases of the platform have enabled more sophisticated playbooks. The Phishing playbook is a great example of how new platform developments have lifted the barriers to security automation.
Phishing emails are not a new type of threat to most security professionals, but dealing with the growing volume and potential impact of them require an innovative solution. Today’s entry to our Playbook Series focuses on automating your Incident Response (IR) workflow for this common threat. The Phantom security automation and orchestration platform includes a sample … Continue reading Playbook Series: Phishing: Automate and Orchestrate Your Investigation and Response
I recently joined Phantom, and I am very excited to help grow the 1st community-powered Security Automation & Orchestration platform. There are several ways that you can contribute to the community. Creating and sharing Phantom Apps is a great way to get started (you can read more about Phantom Apps here). My first Phantom App … Continue reading New App for Phishing Investigations
By many accounts, Security Automation and Orchestration (SA&O) has been a hot topic among Information Security (InfoSec) professionals since 2016. With all that interest comes operations teams trying to figure out how to get started with the technology. It seems fitting as 2018 gets underway, then, that we offer up some advice for taking your first steps toward leveraging automation and orchestration in your practice.
This month we would like to congratulate Martin Ohl with McAfee as the Phantom Community Contributor of the Month for September 2017. In just a short period of time, Martin has made a number of contributions to the Phantom Community, including: McAfee OpenDXL App for Phantom https://my.phantom.us/3.0/apps/?search=McAfee%20OpenDXL McAfee Advanced Threat Defense (ATD) App for Phantom https://my.phantom.us/3.0/apps/?search=McAfee%20Advanced%20Threat%20Defense%20(ATD) Phishing … Continue reading Announcing the Phantom Community Contributor of the Month for September 2017
Last week’s Phantom SOC™ 2017 Conference was a huge success and one of the most educational (and fun) events from the conference was the Phantom Hackathon Challenge. We are happy to announce and recognize the winning team, consisting of three members: Surath de Mel, Optiv Alan Shaikh, BlackRock Xiaobo Liu, Palo Alto Networks The winning … Continue reading Hackathon Winners from Phantom SOC 2017
It’s the security circle of life. New threats breed new security technologies and services. Security budgets continue to outpace the prior year’s. Gartner research estimates security spending will exceed $90 Billion in 2017. Expenditures have never been greater, and the rate of growth isn’t slowing down. Despite devoting more of our resources – both technology … Continue reading $90 Billion on Cyber Security and it’s not Enough?
Whaling is a specific kind of spear phishing attack that’s targeted at your organization’s high-profile business executives, top leaders, and other roles that have access to highly-sensitive information. The goal of this type of attack is to deceive a high-value target into divulging confidential company information. The attacker will usually attempt to obtain passwords, which they can then use to gain access to more information.