
10:00 AM
Dark Reading
Products and Releases

Phantom Announces New Product, Partners, and Playbooks

Community-Powered Approach to Drive Innovation and Growth

Palo Alto, CA. – October 11, 2016 – Phantom, the first company to provide an open, extensible, and community-powered security automation and orchestration platform, has extended its lead since entering the market and being named RSA Conference 2016’s Most Innovative Startup earlier this year. Product innovation, plus growth with partners and playbooks, shows the strength of a community-powered approach.

“Security automation and orchestration has become a top priority for organizations,” said Oliver Friedrichs, Founder & CEO of Phantom.  “This has driven strong interest in our platform, our partner ecosystem, and the playbooks our community has developed. The innovation and growth proves that reducing time spent on tedious and repetitive tasks through automation is becoming a must-have means of increasing the capacity of security teams and driving consistency for more accurate results.”


Phantom 2.0 became generally available in late September.  Fueled by feedback from customers and the community, this release delivered more than 500 enhancements including:


· Playbook Editor 2.0 for Tier 3 Analysts to visually create automation playbooks. The new Playbook Editor provides a new experience through a rich, visual, BPMN-based (Business Process Model & Notation) editor enabling users to create playbooks more easily, with or without coding skills.

· Mission Control 2.0 for Tier 1 Analysts to triage security events and alerts more efficiently. The details of the incident, triage, status, and results are presented in a single view, speeding the event and alert triage process for security operations teams. Mission Control also introduces an Activity Feed that is a Slack-like interface enabling collaboration and commenting between all team members working on an event or alert.

· Onboarding Process to get new users executing automated playbooks in less than 5 minutes. The process allows users to quickly configure a data source like a SIEM platform, threat intelligence feed, email message, RESTful API, or sample data, and then configure security tools utilized in the playbook before enabling the automation playbook to execute.

Visit the TryPhantom YouTube channel to see these enhancements and others.



Solution and technology partners are embracing the growing popularity of security automation and orchestration as well as Phantom’s unique, community-powered approach.  Companies like World Wide Technology (WWT) recognize Phantom’s extensibility as a way to grow their services businesses and deliver increased value to clients.

Mike McGlynn, Vice President of Security Solutions at WWT said, “Automation is becoming increasingly important to our clients who face the challenge of limited resources, an increasing threat surface and incident rate, and an overwhelmingly complex IT infrastructure.  We’ve tapped Phantom as a key solution partner based on the strength of their product combined with our security domain expertise.  We are seeing significant demand for security automation from our clients.” 

Phantom’s community-powered approach enables collaboration, development, and sharing of apps and playbooks amongst users. Phantom has more than 75 apps available that span reputation services, endpoint technologies, sandboxing, firewalls, and common mobile, virtual and cloud based security products.  Many of the apps were developed by Phantom partners as well as the community at large.


The new Phantom Playbook Editor and updated community site offer users the most extensive resource in the industry to address security challenges, share information, and showcase their skills. As with Phantom Apps, many of the playbooks were developed by partners.

Mark Kendrick, Director of Business Development, DomainTools said, "The new Playbook Editor in Phantom 2.0 makes it incredibly easy to build complex registrant and infrastructure pivots on domain names and the actors who register them.  It's the perfect setting for DomainTools data because it makes proven workflows available to an entire team. Our updated DomainTools App will take advantage of the new features in Phantom 2.0, and it will also enable access to our Domain Reputation and Reverse Whois datasets."

Phantom offers playbooks for investigation, threat hunting, and several others through the community playbook library.  Users can easily pull other playbooks from the Phantom Community Site or create their own with the new Playbook Editor in the Phantom 2.0 release.

Anyone interested in seeing how Phantom can help their organization should sign up for the free Phantom Community Edition, attend a Tech Session to see Phantom in action, and read more about playbooks on the Phantom blog. Those interested in showcasing their security automation and orchestration skills may also opt to join Phantom’s Playbook & App Challenge. The contest, which runs through December 2, 2016, will award a cash prize to the community user submitting the most impressive playbook and app combination.



Phantom, which was recognized as the most innovative company at the 2016 RSA Conference, automates and orchestrates key stages of security operations from prevention to triage and resolution, delivering dramatic increases in productivity and effectiveness. Ranging from simple automation to fully autonomous response, Phantom lets you choose the best balance that fits your organization’s needs while increasing security and accelerating security operations. Focused on closing the security gap by enabling enterprise security operations to be smarter, faster and stronger, Phantom provides the flexibility to connect in-house and third-party systems into one open, integrated and extensible platform. Phantom was founded by enterprise security veterans Oliver Friedrichs and Sourabh Satish, who have helped propel companies like Symantec, Sourcefire, Cisco and others to success. For more information visit: www.phantom.us.


