Founder and CEO, Phantom
The security industry is unlike any other. Every day brings a new surprise, whether it’s a new security flaw, or the latest breach. We’re in constant firefight mode in dealing with the most recent problem while attackers have moved on to discover the next. No other industry has a moving target like ours.
There’s a constant tension between good and evil. It leads to innovation by both sides as each tries to outsmart the other. For the most part this is good, but it’s also created problems.
We’ve been building point products for over three decades now. There are more than 1,500 security vendors in the market today, and the average enterprise buys from more than 50 of them.
Integration between these products is limited, if it even exists. While we could hire people in the past to solve that problem, today we simply don’t have enough skilled security practitioners available in the market. Most companies can’t manage the volume of alerts generated by the army of discrete point products that they’ve now deployed.
Thankfully, innovation still continues. One of the latest developments is the Security Automation and Orchestration (SAO) platform, built to simplify the integration between these point products while making it easier for analysts to collaborate across their team and manage events to closure. Ultimately, SAO platforms are providing an innovation that reduces mean time to resolution (MTTR) in the SOC.
We sponsored a research project about a year ago that surveyed more than 100 security professionals in the US. Nearly three-quarters of those surveyed reported that security alerts are simply ignored because their teams can’t keep up with the suffocating volume.
Phantom directly benefits teams overwhelmed by security alert volume in a number of ways:
It’s clear that security risks are only going to increase, and, in order to stay ahead of the threat curve, companies can no longer rely on manual processes. At Phantom we strive to give our customers the automation and orchestration needed to get the most out of their security investments and make it easier to address pertinent alerts. Phantom customers report time savings of up to 99% when automating routine, labor-intensive tasks.
The investigation of suspicious IP addresses or domains is standard practice in security investigations. When handled manually this task might take 20 minutes or more of an analyst’s time for each investigation. By leveraging the Phantom platform and the Farsight DNSDB App, SOC teams can automate this critical task and reduce investigation time down to seconds. Further, thanks to the Phantom App model, Farsight DNSDB now seamlessly integrates with more than 170 other security products that can enrich the investigation or allow the team to take action through more than 900 APIs.
This all happens in Phantom Mission Control™ or through automation playbooks that users have created for issues like phishing, alert investigation, and others. You can read more about playbooks on the Phantom blog or by joining our community.
Given the complexity of this problem, we have invested heavily in the user experience. Beyond continued enhancements to the user interface and other current functionality, one area of direction is platform intelligence that will educate and guide a security analyst on what to do next, a concept we call Phantom Mission Guidance™ technology. This will evolve the platform beyond how it is used today, where the analyst directs Phantom on what to do via the Visual Playbook Editor. The current approach is fit for handling known threats with a known procedure and effectively solves security-at-scale challenges. In the future, providing guidance to an analyst will enable a new level of security handling where threats with no associated procedures can be handled effectively through intelligent guidance from the platform.
Being humble is actually one of our company principles at Phantom. Some say, “the only thing you can count on is change.” It certainly rings true in our industry. Things can change overnight - we’re ahead one day, only to be behind the next. If you don’t start with a humble attitude, you’ll be humbled whether you like it or not. We have to remember that our adversaries are working 24x7 to defeat us, just as we’re working equally hard to defend ourselves. As we have all witnessed, the stakes have gotten even higher over the past few years. Like Farsight, we protect some of the most important organizations in the world, and all fit into what is somewhat of a fragile fabric that is the security industry.