TMCnet News
Phantom Security Automation & Orchestration Platform Reduces MTTR Through Integrated Alert and Case Management with Enterprise Grade ArchitecturePhantom, the leader in security automation and orchestration, continues to innovate with new capabilities aimed at simplifying integration with enterprise environments, while making data more readily available to SOC analysts and reducing mean time to resolution (MTTR). Gartner (News - Alert) Research Director, Toby Busa and Principal Research Analyst, Kelly Kavanagh recently noted, "Responding to security incidents requires collaboration across different IT, network and application domains, business units, and stakeholders. Security teams struggle to establish repeatable and measurable processes to investigate and effectively respond to incidents. Emerging products and services can help address these challenges through automated support for investigation and remediation, and through external expertise to augment the security staff1." Phantom 3.0 augments SOC analysts by simplifying the workflow for managing events, providing recommendations to speed resolution, and improving communications across the security and IT teams. "Our rapidly growing customer base, user community, and partners continue to share experience-backed feedback that drives our product development," said Oliver Friedrichs (News - Alert), Founder & CEO of Phantom. "Many of the alert and case management innovations introduced in Phantom 3.0 were a direct result of that feedback. We've also bolstered our enterprise-grade architecture; a strength that reinforces our leadership in the security automation and orchestration market." Alert Management Phantom Mission ControlTM plays a central role in helping analysts triage alerts. Phantom 3.0 further reduces mean time to resolution (MTTR), a key performance indicator for SOC teams, by making event and automation result data easily accessible to the analyst, integrating tools in the SOC to make real-time pivoting across data fast and seamless, and organizing it in a way that makes it easy to understand and take action. Select new Mission Control capabilities in the 3.0 release of Phantom include: Mission Guidance uses a form of Artificial Intelligence, known as reinforcement learning, to suggest possible steps to investigate, contain, eradicate, and recover from a security event. Helpful for new and experienced analysts alike, Mission Guidance augments the human analyst to guide them through the actions and playbooks needed to effectively handle an event. Heads-Up Display is a single place to pin and view the most important information associated with an event including: the original event details, results from automated playbook runs, and other relevant information a playbook author or analyst adds during the investigation. Heads-Up Display simplfies the day-to-day workflow in the SOC by helping analysts to quickly reference the information needed to assess an event before taking action. Timeline (News - Alert) is a way to visualize all activity related to an event in a time sequenced layout. Activity and context for an event can be viewed quickly by scaling up or down through time intervals ranging from seconds to months. Timeline view is particularly useful for collaboration across teams, like when analysts are changing shifts. A new analyst can easily review the activities taken prior to his arrival to orient himself and decide what steps to take next. Case Management Phantom 3.0 integrates case management with the automation capabilities delivered in Mission Control. Events triaged in Mission Control are easily promoted to a case either manually or programmatically through a Phantom Playbook. Phantom Case Management strengthens collaboration across teams by ensuring that cases are handled according to company policy. Once promoted to a case, the case can be managed to closure through either a user defined policy, or via industry standard policies included with Phantom such as NIST 800-61. Unifying case management into Phantom simplifies day-to-day SOC workflow, avoiding the need to pivot between interfaces and eliminating the burden of syncing data between disparate systems. This allows for end-to-end management of the lifecycle of an event from the initial detection and investigation, through to incident confirmation and resolution - all from within a single platform. Enterprise-Grade Architecture Enterprise customers demand a maturity that matches their own. Phantom continues to lead the market in this category with an architecture that satisfies the most demanding environments. Phantom 3.0 adds new capabilities to provide even greater enterprise-grade security, scalability, extensibility, and ease of use: With granular Role-Based Access Control, customers can enforce strict privileges against users and roles which is particularly useful for organizations with multiple physical sites who wish to set controls by location or domain. Support for High Availability improves scalability enabling customers to run a warm standby system. The new App Development Wizard extends the platform's openness simplifying the process and reducing the time needed to create Phantom Apps. Finally, alternative installation methods via RPM, external database management, and support for multiple authentication standards all help with ease of use in an enterprise environment. Phantom 3.0 introduces many other capabilities to help analysts triage alerts, manage cases, and automate their enterprise-grade environments. Visit the Phantom Blog to learn more, or tune into one of our Tech Sessions. Anyone interested in seeing how Phantom can help their organization should sign up for the free Phantom Community Edition. Join more than 5,000 organizations that have already registered to experience community-powered security automation and orchestration. ABOUT PHANTOM Phantom is the leader in security automation and orchestration. It integrates your existing security technologies, providing a layer of connective tissue between them. The Phantom platform helps you work smarter by automating repetitive tasks, effectively force multiplying your team's efforts and allowing them to focus their attention on mission-critical decisions. It also helps you respond faster and reduce dwell times with automated detection, investigation, and response. Using Phantom helps you strengthen your defenses by integrating your entire security infrastructure together so that each part is actively participating in your defense strategy. For more information visit: https://phantom.us/. NOTES: 1 - Gartner, Security Monitoring and Operations Primer for 2017, 30 January 2017
View source version on businesswire.com: http://www.businesswire.com/news/home/20170905005121/en/ |
