Playbook: Using Filters, Decision-Making Logic, Custom Lists, User Prompts, and Scheduled Actions

This blog entry continues an ongoing series of articles describing Phantom Playbooks; which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom Platform. In May of 2017, Phantom's Co-Founder and CTO Sourabh Satish held two consecutive Tech Sessions covering capabilities of the Phantom … Continue reading Playbook: Using Filters, Decision-Making Logic, Custom Lists, User Prompts, and Scheduled Actions

Playbook: Risk-Based Domain Blocking

New domains are created everyday as part of the normal operation of the Internet Domain Name Service (DNS). Unfortunately, bad actors commonly use newly created domains for criminal activities like spam, malware distribution, or botnet command and control (C&C). They commonly use the new domains within the first few minutes of creating them—making it difficult to build effective domain-based blocking policies.

Playbook: Automated Lost or Stolen Device Response

A lost or stolen device not only presents an inconvenience for the owner, but also commonly triggers a data security incident if the device contains company-owned information. Responding to reports of lost or stolen devices promptly and efficiently helps protect your sensitive information and other assets. Moreover, depending on your industry and geography, a rapid and consistent response process ensures that you remain in compliance with state and federal law.

A Day in the Life of a Phantom Security Solutions Architect

I recently sat down with Frank Scholl, a Phantom Security Solutions Architect. I wanted to find out more about what a Security Solutions Architect does on a day-to-day basis and how this role enables Phantom customers to be successful with their Security Automation and Orchestration (SA&O) efforts. Frank, describe your role here at Phantom. What … Continue reading A Day in the Life of a Phantom Security Solutions Architect

Playbook: Escalate Whaling and Other Attacks Targeting Executives

Whaling is a specific kind of spear phishing attack that's targeted at your organization's high-profile business executives, top leaders, and other roles that have access to highly-sensitive information. The goal of this type of attack is to deceive a high-value target into divulging confidential company information. The attacker will usually attempt to obtain passwords, which they can then use to gain access to more information.

Evaluating an SA&O Platform’s Security

One of the most important aspects to consider when evaluating a security automation and orchestration (SA&O) platform is the inherent security features it offers. An SA&O platform holds security infrastructure details, authentication credentials, operations and response plans, security event data, and other highly-sensitive information. It also serves as the operating system for your security infrastructure, … Continue reading Evaluating an SA&O Platform’s Security