In case you missed the 2017 RSA conference this year, here are a couple of highlights from the Phantom perspective.
So what is a use case? What are the sections? I'm glad you asked. Here is my security version of a use case definition document...
Getting started with security automation begins with having the right objectives and goals in place. One of the keys to success is identifying the right use cases, complete with a prioritized roadmap of implementation and measurement. This article starts you on the journey, providing guidance for developing those use cases.
The App Spotlight series highlights new or recently updated Phantom Apps. Today we’re highlighting the integration between Phantom’s Security Automation and Orchestration (SA&O) platform and the Farsight Security DNSDB threat intelligence solution. Two of the most popular investigational security actions automated with the Phantom platform are lookup ip, which provides reverse DNS information, and lookup … Continue reading App Spotlight: Farsight Security DNSDB—Incorporate DNS intelligence into automated investigations
Your existing security infrastructure probably observes lots of scanning, or reconnaissance, activity every day. While a great portion of this activity can be attributed to the noise generated on the Internet, it can also be an early warning signal of a full-on attack. A classic problem for security teams is dealing with this type of … Continue reading Playbook Series: Triage Reconnaissance Alerts
If you are one of the many security analysts who receive threat intelligence about compromised user accounts, you understand the significant amount of time it takes to investigate and respond to each report. In many practices the manual process might include: Parsing the inbound threat intelligence for Indicators of Compromise (IoCs) like username and password … Continue reading Playbook Series: Secure Compromised Accounts
Feedback about the Phantom security automation and orchestration platform is incredibly important to all of us here at Phantom. As the product manager for the Phantom platform, I’m a strong believer in listening to current and future customers, as well as the ever-growing membership of the Phantom community. Our most recent patch release to the … Continue reading Phantom Releases Patch Update to 2.0 Platform