This article is a part of a series describing key features of the Phantom Security Automation and Orchestration platform. In this installment of the series, we will cover a new capability of the platform called Phantom Mission Guidance™. Mission Guidance uses reinforcement learning to make playbook and action recommendations to an analyst while processing a … Continue reading Mission Control: Mission Guidance Playbook and Action Recommendations
Protecting our most important business assets from cyber threats is a growing challenge that we all face. We are more and more dependent on IT and connectedness for the delivery of our services, the operation of our infrastructure, and even our daily life. The growing complexity and scale of the underlying infrastructure exceed the … Continue reading Freddy Dezeure Joins Phantom’s Board of Advisors
This article is a part of a series describing key features of the Phantom Security Automation and Orchestration Platform and how they work to improve the analyst experience. In this specific installment of the series, we will talk about the Analyst Queue. While the Analyst Queue view is not explicitly part of the … Continue reading Mission Control: Improving Efficiency with the Analyst Queue
This blog entry continues an ongoing series of articles describing Phantom Playbooks, which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom Platform. Introduction Starting with just one successful phishing email, an attacker can quickly hide, pivot, persist, and exfiltrate from our … Continue reading Playbook: Investigating Phishing Attachments with McAfee
Between now and Friday, December 1, 2017, any Phantom Community member that contributes a new app will be issued a FREE PASS to the 2018 Phantom SOC User Conference.
This article is a part of a series describing key features of the Phantom Security Automation and Orchestration Platform and how they work to improve the analyst experience. In this specific installment of the series, we will talk about the ability to promote an event to case and what the case management view looks like … Continue reading Mission Control: Promoting an Event to a Case
Though we’re easily enamored with new technologies like artificial intelligence and machine learning, do they actually help us solve real problems in the SOC like reducing Mean Time to Resolution (MTTR)? Read a security-related press release or been to an event recently? You’ve no doubt been wondering how you managed to do your job all … Continue reading AI, ML – is it all just BS?