One of the most important aspects to consider when evaluating a security automation and orchestration (SA&O) platform is the inherent security features it offers. An SA&O platform holds security infrastructure details, authentication credentials, operations and response plans, security event data, and other highly sensitive information. It also serves as the operating system for your security infrastructure, … Continue reading Evaluating an SA&O Platform’s Security
Today’s post continues an ongoing series on Phantom playbooks, which the platform uses to automate and orchestrate your security operations plan. This example examines one of the playbooks included with the Phantom platform. Ransomware is one of the leading threats facing organizations today. With volumes of malicious inbound emails and already infected devices within your environment, … Continue reading Playbook: Detect, Block, Contain, and Remediate Ransomware
This month we would like to congratulate Yoshizumi Sakai, from Tokyo Electron Device, as the Phantom Community Contributor of the Month for May 2017. In the month of May, Yoshizumi wrote several Phantom Apps to support the joint customers and users of Tokyo Electron Device and Phantom. Yoshizumi kindly contributed the apps he authored back … Continue reading Announcing the Phantom Community Contributor of the Month for May 2017
The example Phantom Playbook below provides an automated response plan for a malicious insider. Acting swiftly to gather data, disable the user, and alert the proper people within the organization is key to reducing risk and avoiding greater loss.
In Security Automation & Orchestration (SA&O), connectors to different technologies that already exist in customer environments are critical to the success of an SA&O platform deployment. When talking to customers and partners, I often find myself saying, “An orchestration platform is useless if it doesn’t orchestrate across all necessary technologies.” That is why connectors are … Continue reading Tech Session: Hear From a Community App Developer
This article is a part of a series describing the essential criteria of a Security Automation and Orchestration platform. Two key benefits from your automation efforts should include increased productivity and increased quality. Metrics that demonstrate these increases are critical to measuring the overall effectiveness of a Security Automation and Orchestration (SA&O) platform. Metrics also … Continue reading Core SA&O Platform Capability: Metrics & Reporting
To coincide with an upcoming webinar, we recently presented guest Forrester Senior Analyst Joseph Blankenship with a series of questions about the current and predicted future state of Security Automation and Orchestration (SAO). Below are his responses to our questions and the Forrester view on the market. How does SAO help security teams? Security teams … Continue reading How Must SAO Solutions Evolve to Gain Widespread Adoption?