This article is a part of a series describing the essential criteria of a Security Automation and Orchestration platform. One of the most important functions of a Security Automation and Orchestration (SA&O) platform is to reduce the need to manually triage low-priority and false-positive alerts. Just after data ingestion, an alert management … Continue reading Core SA&O Platform Capability: Alert Management
Phishing investigations are one of the most common use cases that we have observed security teams selecting to automate. We’ve written about it before, and covered it on a few Phantom Tech Sessions. Still, as I learned more about Rackspace’s use case, I thought it would be interesting to share it with the community. It’s … Continue reading Phishing in South Texas
Last month on March 23, 2017 the Johns Hopkins University Applied Physics Lab (JHU/APL) held their most recent Integrated Adaptive Cyber Defense (IACD) Project Community Day. The event hosted 136 unique organizations across a variety of industries. It featured an IACD Overview, an IACD Framework Brief, and an Implementation Findings Brief presented by the JHU/APL … Continue reading Integrated Adaptive Cyber Defense Project
We have another exciting partner and community playbook lined up for the Tech Session this week! We are featuring a new Phantom app that integrates with PhishMe’s Phishing Defense Cloud. We talk often about the depth, or completeness, of Phantom apps. The PhishMe app is no exception, providing seven actions that span ingestion as well as … Continue reading PhishMe Joins the Next Phantom Tech Session
The focus of next week’s GITEC Summit is described as: The continued transition and transformation surrounding the development, implementation, management, and use of information technology for mission-critical functions. Government transformation is also a theme that resonates here at Phantom. Many are surprised to learn that government transformation was actually the impetus for Phantom. Before I … Continue reading Phantom and the U.S. Government’s Digital Transformation
This entry is part of a series that outlines key criteria to consider when evaluating Security Automation & Orchestration (SA&O) platforms. This entry focuses on the automation engine, one of eight core components of an SA&O platform. Like the orchestrator component we explored in the first entry of this series, the automation engine component is another critical area when evaluating an SA&O platform.
This entry is the first in a series that outlines key criteria to consider when evaluating Security Automation & Orchestration (SA&O) platforms. Here at Phantom, we define security orchestration as “the machine-based coordination of a series of interdependent security actions across a complex infrastructure.” Considering this definition, it’s easy to derive that one of the … Continue reading Top Three Criteria of an Orchestrator