Solution

Phantom

Phantom is a Security Orchestration, Automation & Response (SOAR) platform
that automates security response: it acquires security threat data
from a variety of sources and automatically analyzes, classifies,
and responds to events according to defined workflows.
Features

Phantom integrates and automates teams, processes, and tools as one, enabling smart operations
in which security professionals can focus on critical tasks and respond quickly to reduce attacker dwell time.

  • Automation
    • Automate repetitive tasks to increase security team capabilities
    • Automated response in seconds
    • Pre-patch intelligence to help you make decisions
  • Orchestration
    • Coordinate complex workflows across SOC
    • Apps: 300+
    • APIs: 1000+
  • Collaboration
    • Communication that maintains the context
    • Share with teams
    • Use community knowledge (Phantom Portal Site)
  • Events
    • Sort the most relevant events first
    • Remove noise from workloads
    • Escalate verified events to official Cases
  • Cases
    • Create case templates modeled on SOPs
    • Manage responses to various threats
    • Embedding automation within case actions
  • Report & Metric
    • Rapid evaluation of operational health and team performance
    • Conduct post-case reviews
    • Demonstrate the effectiveness of enterprise security investment
Benefits
  • SOC process standardization
    • Improving security control work capabilities through standardized processes
    • Greater business continuity when SOC members change
    • Prevent user errors and increase work efficiency through automated work processing
  • Improve security control capabilities
    • Reduce analysis time by automating simple repetitive tasks
    • Flexible response to the introduction and change of new devices
Use case (Email phishing)