Playbook: Automated Lost or Stolen Device Response

A lost or stolen device not only presents an inconvenience for the owner, but also commonly triggers a data security incident if the device contains company-owned information. Responding to reports of lost or stolen devices promptly and efficiently helps protect your sensitive information and other assets. Moreover, depending on your industry and geography, a rapid and consistent response process ensures that you remain in compliance with state and federal law.

Playbook: Escalate Whaling and Other Attacks Targeting Executives

Whaling is a specific kind of spear phishing attack that's targeted at your organization's high-profile business executives, top leaders, and other roles that have access to highly-sensitive information. The goal of this type of attack is to deceive a high-value target into divulging confidential company information. The attacker will usually attempt to obtain passwords, which they can then use to gain access to more information.

Playbook: Detect, Block, Contain, and Remediate Ransomware

Today’s post continues an ongoing series on Phantom playbooks; which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom platform.  Ransomware is one the leading threats facing organizations today. With volumes of malicious inbound emails and already infected devices within your environment, … Continue reading Playbook: Detect, Block, Contain, and Remediate Ransomware

Automate Your Response to WannaCry Ransomware

We’ve highlighted the Phantom Community Ransomware Playbook before on the Phantom Blog. It is a general purpose ransomware playbook that is adaptable to many different types of ransomware. Given the widespread impact of the WannaCry threat, however, we wanted to dedicate a blog entry to this particular threat and provide you with customized playbooks and … Continue reading Automate Your Response to WannaCry Ransomware

Using Custom Lists in Phantom Playbooks

Custom Lists are a powerful capability of the Phantom platform.  Customers typically use Custom Lists to maintain a dynamic list of items that persists on the platform. The function also commonly serves a caching mechanism to reduce overburdening a service. Custom Lists are available on-platform to playbooks and externally to third-party systems. In this blog entry, we will explore … Continue reading Using Custom Lists in Phantom Playbooks