5 Questions with Oliver Friedrichs, Founder and CEO, Phantom

1)  You have founded a number of security companies including Immunet and now Phantom. Why must the industry continue to innovate to stay ahead of the evolving cyberthreat?

The security industry is unlike any other.  Every day brings a new surprise, whether it’s a new security flaw, or the latest breach.  We’re in constant firefight mode in dealing with the most recent problem while attackers have moved on to discover the next.  No other industry has a moving target like ours.

There’s a constant tension between good and evil.  It leads to innovation by both sides as each tries to outsmart the other.   For the most part this is good, but it’s also created problems.

We’ve been building point products for over three decades now.  There are now more than 1,500 security vendors in the market today, and the average enterprise buys from more than 50 of them.

Integration between these products is limited, if it even exists.  While we could hire people in the past to solve that problem, today we simply don’t have enough skilled security practitioners available in the market.  Most companies can’t manage the volume of alerts generated by the army of discrete point products that they’ve now deployed.

Thankfully, innovation still continues.  One of the latest developments is Security Automation and Orchestration (SAO) platforms - built to simplify the integration between these point products while making it easier for analysts to collaborate across their team and manage events to closure.  Ultimately, SAO platforms are providing an innovation that reduces mean time to resolution (MTTR) in the SOC.

2)  What is "alert fatigue" and how does Phantom help security analysts overcome this problem?

We sponsored a research project about a year ago that surveyed more than 100 security professionals in the US.  Nearly three-quarters of those surveyed reported that security alerts are simply ignored because their teams can’t keep up with the suffocating volume. 

Phantom directly benefits teams overwhelmed by security alert volume in a number of ways:

  • Automating repetitive tasks to force multiply their team’s efforts and better focus their attention on mission-critical decisions.
  • Reducing dwell times with automated detection and investigation, and reducing response times with playbooks that execute at machine speed.
  • Integrating their existing security infrastructure together so that each part is actively participating in the defense strategy.
  • Providing collaboration across teams in order to bring the full power of a security team’s resources to bear.

It’s clear that security risks are only going to increase, and, in order to stay ahead of the threat curve, companies can no longer rely on manual processes. At Phantom we strive to give our customers the automation and orchestration needed to get the most out of their security investments and make it easier to address pertinent alerts.  Phantom customers report time savings of up to 99% when automating routine, labor-intensive tasks.

3)  Investigating the Internet history of a suspicious domain name or IP address can provide new information about a cybercriminal's infrastructure. How does the Phantom Security Automation and Orchestration platform's integration with the Farsight DNSDB App improve this critical task?

The investigation of suspicious IP addresses or domains is standard practice in security investigations.  When handled manually this task might take 20 minutes or more of an analyst’s time for each investigation.  By leveraging the Phantom platform and the Farsight DNSDB App, SOC teams can automate this critical task and reduce investigation time down to seconds.  Further, thanks to the Phantom App model, Farsight DNSDB now seamlessly integrates with more than 170 other security products that can enrich the investigation or allow the team to take action through more than 900 APIs.

This all happens in Phantom Mission Control™ or through automation playbooks that users have created for issues like phishing, alert investigation, and others.  You can read more about playbooks on the Phantom blog or by joining our community.

4)  Phantom recently had its first user conference. What did you learn from your customers that will help inform the company's future technology and partnerships?

Given the complexity of this problem, we have invested heavily in the user experience. Beyond continued enhancements to the user interface and other current functionality, one area of direction is platform intelligence that will educate and guide a security analyst on what to do next; a concept we call Phantom Mission Guidance™ technology. This will evolve the platform beyond how it is used today, where the analyst directs Phantom on what to do via the Visual Playbook Editor. The current approach is fit for handling known threats with a known procedure and effectively solves security-at-scale challenges. In the future, providing guidance to an analyst will enable a new level of security handling where threats with no associated procedures can be handled effectively through intelligent guidance from the platform.

5)  Why must security vendors remain humble in the fight against cybercrime?

Being humble is actually one of our company principles at Phantom.  Some say, “the only thing you can count on is change.” It certainly rings true in our industry.  Things can change overnight - we’re ahead one day, only to be behind the next.  If you don’t start with a humble attitude, you’ll be humbled whether you like it or not.  We have to remember that our adversaries are working 24x7 to defeat us, just as we’re working equally hard to defend ourselves.  As we have all witnessed, the stakes have gotten even higher over the past few years.  Like Farsight, we protect some of the most important organizations in the world, and all fit into what is somewhat of a fragile fabric that is the security industry.

 
