Phantom Automates and Orchestrates Your Security Operations
The Phantom Platform integrates your existing security technologies, providing a layer of connective tissue between them. It supercharges your Security Operations Center (SOC) by automating repetitive tasks and orchestrating multiple concurrent workflows.
Phantom works across the lifecycle of many security scenarios including:
Metrics & Reporting
A Security Automation and Orchestration (SA&O) platform should provide a number of important capabilities supporting a range of common SOC functions.
The Orchestrator oversees all activity on the platform, assisting with decision making, synchronization, and coordination of multiple interdependent tasks.
Alert Management drives the triage and response to low-level alerts, events, or other security objects in either an automated, semi-automated, or manual fashion.
Once escalated, Case Management drives the broader cross-functional case or incident lifecycle from creation to resolution.
Playbook Management assists with the maintenance of Standard Operating Procedures (SOPs). Ideally, this capability should provide revision control and sharing across a community or privately within an organization.
The Automation Editor assists users with the codification of manual security operations workflows into automated playbooks. The editor should provide a mechanism for construction of playbooks with and without knowledge of the underlying programming language.
An App Framework provides an extensible interface for new apps to connect the thousands of point security products available today.
Metrics & Reporting
Metrics and Reporting provide human oversight and auditing capabilities. Dashboards consolidate all critical information needed to understand the current state of the platform. Reports provide executive level and detailed technical reporting for any event or case.
The Automation Engine executes individual security actions. Actions are discrete, individual analyst functions traditionally performed manually. Actions are abstracted from individual point security products and translated into machine-executed tasks.
Phantom provides a free community edition and encourages all community members to contribute apps and playbooks that extend the platform to address new security use cases.
Teams need to communicate quickly with one another and document their work for others to understand later. The Phantom Platform includes a collaboration interface within the Mission Control area as well as a Slack app to enable effective team communication.
Phantom Playbooks codify complex workflows that allow first responders to bring to bear all of the experience of your organization to make better decisions and act quickly, confidently, and consistently.
Phantom Playbooks can operate with the right level of supervision for a given situation. Phantom supports having a human in the loop, on the loop, or out of the loop, depending on the task at hand.
The Phantom Platform is hardened and encrypts sensitive information. It supports multi-factor authentication and third-party credential systems, and provides robust role-based access control and full system auditing capabilities.
Phantom was built from the ground up to successfully operate in the most demanding enterprise environments where the volume and velocity of security events can vary dramatically from 1 in one minute to 10,000 the next. High-Availability and distributed deployment models further enhance the platform's scalability and availability.
Open and Extensible
The Phantom Platform was designed for openness and extensibility. As new security scenarios arise, you can easily add new products and new playbooks to your defense system. Our Phantom App wizard simplifies the creation of custom apps that integrate your security infrastructure.
Phantom supports on-premise and cloud-based installations to fit your preferred deployment model. Once installed, the Phantom onboarding assistant helps you configure system settings, connect to a data source, and activate your first few playbooks. Our Visual Playbook Editor (VPE) makes it easy to edit existing or create new playbooks—even if you can’t write code.
The Phantom Community Edition is a free, consumption-limited version of the Phantom Enterprise Edition. The Community Edition allows you to learn with a fully functional version, test drive the platform in your environment, and collaborate with other members of the Phantom Community.