The number of cyberattacks launched on organizations continues to rise every year. More attacks means more security alerts that security analysts have to triage each day. Many security teams have turned to a security orchestration, automation and response (SOAR) tool to help them automate the ever-increasing volume of security alerts, and respond to threats faster and more comprehensively.
Managing a complex microservice-based architecture requires defending multiple endpoints. Automating security covers a vast amount of tools and methodologies, so making sure they all communicate is critical. Additionally, tool sprawl in any aspect of DevOps requires putting automation to good use. The Logz.io Cloud SIEM focuses on identifying threats. To optimize its effectiveness, we have negotiated and built out multiple integrations tying complementary tools together.
What if you could get your hands on a force multiplier that got rid of the repetitive, routine work that was tying down your team, got more productivity out of your assembled work force, and gave everyone a more challenging, meaningful to-do list that made better use of their knowledge, experience, and passion?
When we discuss Splunk Phantom with customers here at Splunk, we end up talking about phishing pretty frequently. As discussed in a recent blog post, "Phishing Emails — Don’t Get Reeled In!," phishing is a super common issue that almost everyone deals with ad nauseum. It’s also a nuisance to investigate. The good news is that automation excels at dealing with repetitive, mind-numbing workflows like phishing investigations.
Recently, my colleagues Ryan Kovar and Lily Lee created TA-covidIOCs, which is a Splunk TA designed for ingesting IOCs related to COVID-19. Per usual, I immediately saw this as an opportunity to hitch a ride on their coattails and benefit from their hard work. The product of this effort is a Splunk Phantom playbook uncreativly titled, "COVID-19 Indicator Check." The playbook is a simple, self-contained set of actions that takes MD5 file hashes, IPs, domains, and URLs as input.
Potential attackers are really good at what they do. Security analysts see this firsthand with the amount of phishing emails their organizations see daily. A newly released State of the Phish report reveals that nearly 90% of organizations dealt with business email compromise (BEC) attacks in 2019. End users reported 9.2 million suspicious phishing emails globally for the year.
Hi, Let's take a look behind the scenes and find out how Security Orchestration Automation and Response (SOAR) solutions can have a positive impact on your security investigation and response efficiency. In this article, I'll also highlight how Phantom-mobile makes your life as the “officer on duty” a lot easier.
