By many accounts, Security Automation and Orchestration (SA&O) has been a hot topic among Information Security (InfoSec) professionals since 2016. With all that interest come operations teams trying to figure out how to get started with the technology. It seems fitting, then, as 2018 gets underway, that we offer some advice for taking your first steps toward leveraging automation and orchestration in your practice.
Rich Bowen recently joined Phantom as our Vice President of Engineering. We asked Rich to provide his thoughts on the industry and what led him to join the Phantom team. I’ve been a security guy for over 10 years now, first cutting my teeth at security vendor Fortify. Fortify is a static analysis tool used … Continue reading Why I’m Investing the Next Phase of my Career in Security Automation, Orchestration, and Response
We would like to congratulate Irek Romaniuk with Commonwealth Financial Network as the Phantom Community Contributor of the Month for November 2017. Irek published a Phantom App for InfluxDB back to the community for all members to benefit from. Thanks, Irek! Community participation is one thing that makes the Phantom Community strong and useful. We encourage … Continue reading Announcing the Phantom Community Contributor of the Month for November 2017
This month we would like to congratulate Robert Martin with Aetna as the Phantom Community Contributor of the Month for October 2017. Robert has been an active member of the community for some time.
This article is a part of a series describing key features of the Phantom Security Automation and Orchestration platform. In this installment of the series, we will explore how the Heads-Up Display (HUD) in Phantom Mission Control™ can shorten the resolution time for security events. The core objective of the HUD is to allow the … Continue reading Mission Control: Using the Heads-Up Display to Speed Situational Awareness
A critical flaw involving the ability, in certain situations, to exploit the root account on Apple macOS 10.13 (High Sierra) systems was reported on November 28, 2017 (CVE-2017-13872). Although Apple moved quickly to mitigate this vulnerability, a scenario like this presents an opportunity to improve upon existing security operations procedures. Toward this goal, we explore how the Phantom Security Automation & Orchestration Platform might help to hunt for and mitigate vulnerabilities like this in the future.
In this installment of the series, we will explore how Phantom Mission Control™ integrates case management tasks into a security operations team’s workflow. By merging case management tasks into Mission Control, analysts save time and better preserve data by eliminating the need to shuttle data between the Phantom Platform and an external ticketing or case management system.