Last week’s Phantom SOC™ 2017 Conference was a huge success, and one of the most educational (and fun) events from the conference was the Phantom Hackathon Challenge. We are happy to announce and recognize the winning team, consisting of three members: Surath de Mel, Optiv; Alan Shaikh, BlackRock; Xiaobo Liu, Palo Alto Networks. The winning … Continue reading Hackathon Winners from Phantom SOC 2017
A common security operations task involves investigating newly discovered servers on an organization's network. Whether detected by a scanning system or through a network detection system, the playbook below is triggered into action once a ticket is created to investigate the newly discovered server.
Team Phantom is excited to announce that version 3.0 of the Phantom Platform is now Generally Available (GA)! This release significantly improves an analyst's experience with the platform, while also helping to improve key Security Operations Center (SOC) metrics like Mean Time to Resolution (MTTR). With hundreds of enhancements and upgrades, you'll notice improvements that … Continue reading Announcing Phantom 3.0: Improved Efficiency and Collaboration, Fully-Integrated Case Management, Mission Guidance™, and More!
This blog entry continues an ongoing series of articles describing Phantom Playbooks, which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom Platform. In May of 2017, Phantom's Co-Founder and CTO Sourabh Satish held two consecutive Tech Sessions covering capabilities of the Phantom … Continue reading Playbook: Using Filters, Decision-Making Logic, Custom Lists, User Prompts, and Scheduled Actions
New domains are created every day as part of the normal operation of the Internet Domain Name Service (DNS). Unfortunately, bad actors commonly use newly created domains for criminal activities like spam, malware distribution, or botnet command and control (C&C). They commonly use the new domains within the first few minutes of creating them—making it difficult to build effective domain-based blocking policies.
This month we would like to congratulate Mhike Funderburk with USAA as the Phantom Community Contributor of the Month for June 2017. Mhike has contributed valuable product feedback and feature requests that have significantly helped influence improvements across the Phantom Platform, starting with version 1.x and continuing up until today.
A lost or stolen device not only presents an inconvenience for the owner, but also commonly triggers a data security incident if the device contains company-owned information. Responding to reports of lost or stolen devices promptly and efficiently helps protect your sensitive information and other assets. Moreover, depending on your industry and geography, a rapid and consistent response process ensures that you remain in compliance with state and federal law.