Playbook: Using Filters, Decision-Making Logic, Custom Lists, User Prompts, and Scheduled Actions

This blog entry continues an ongoing series of articles describing Phantom Playbooks; which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom Platform. In May of 2017, Phantom's Co-Founder and CTO Sourabh Satish held two consecutive Tech Sessions covering capabilities of the Phantom … Continue reading Playbook: Using Filters, Decision-Making Logic, Custom Lists, User Prompts, and Scheduled Actions

Playbook: Risk-Based Domain Blocking

New domains are created everyday as part of the normal operation of the Internet Domain Name Service (DNS). Unfortunately, bad actors commonly use newly created domains for criminal activities like spam, malware distribution, or botnet command and control (C&C). They commonly use the new domains within the first few minutes of creating them—making it difficult to build effective domain-based blocking policies.

Playbook: Automated Lost or Stolen Device Response

A lost or stolen device not only presents an inconvenience for the owner, but also commonly triggers a data security incident if the device contains company-owned information. Responding to reports of lost or stolen devices promptly and efficiently helps protect your sensitive information and other assets. Moreover, depending on your industry and geography, a rapid and consistent response process ensures that you remain in compliance with state and federal law.

Playbook: Escalate Whaling and Other Attacks Targeting Executives

Whaling is a specific kind of spear phishing attack that's targeted at your organization's high-profile business executives, top leaders, and other roles that have access to highly-sensitive information. The goal of this type of attack is to deceive a high-value target into divulging confidential company information. The attacker will usually attempt to obtain passwords, which they can then use to gain access to more information.

Playbook: Detect, Block, Contain, and Remediate Ransomware

Today’s post continues an ongoing series on Phantom playbooks; which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom platform.  Ransomware is one the leading threats facing organizations today. With volumes of malicious inbound emails and already infected devices within your environment, … Continue reading Playbook: Detect, Block, Contain, and Remediate Ransomware

Automate Your Response to WannaCry Ransomware

We’ve highlighted the Phantom Community Ransomware Playbook before on the Phantom Blog. It is a general purpose ransomware playbook that is adaptable to many different types of ransomware. Given the widespread impact of the WannaCry threat, however, we wanted to dedicate a blog entry to this particular threat and provide you with customized playbooks and … Continue reading Automate Your Response to WannaCry Ransomware